- Get the GuardDuty dump data from AWS S3
- Iterate over the data
- Filter the data based on severity
- Extract only the relevant data
The configuration file config.json was created using AutoFlow version 0.2.5.
If you have questions about this example, feel free to post them on the community "Ask Questions" website.
- HTTP Server
- Endpoint (Method: GET)
- Action communication/http-request to make the HTTP API call to AWS S3
- Action json/decode to make the JSON easier to use
- Action data/set to create an empty array for storing the extracted data
- Action iteration/for-each to iterate over the GuardDuty data, which is an array
- Action condition/match to keep only the data that matches a certain condition
- Action array/insert-at to insert the extracted data into the array
- Action data/set to set the result in the response body
Enter the AWS S3 bucket URL. Sample GuardDuty data is provided here: https://autoflow-files.s3-us-west-2.amazonaws.com/guardduty+data.json. The returned data is stored in a new variable called "result".
GuardDuty returns the data in JSON format. We use the json/decode action to put the data in a more accessible format.
An array is commonly used to structure extracted data. Before we iterate over the GuardDuty data, we use data/set to declare/create an empty array.
Notice that the decoded GuardDuty data was saved in a variable called "result_decoded". Each element's index and value are stored in the index and value variables respectively.
Use the condition/match action to select only the data that matches the condition. In our case, we are looking at the severity of the security incidents.
Match can have many conditions. In our case, the condition is severity greater than or equal to 2.
As the GuardDuty data is iterated, the array/insert-at action inserts the selected data into the "sorted" array that was created earlier.
To make the data available, the data/set action is used to set it in the response body.
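The same decode / for-each / match / insert-at / set-response sequence, written as plain Python so the logic can be tested outside AutoFlow. This is an added example, not the flow's own code: the findings array is constructed in the shape of GuardDuty findings rather than fetched from the linked S3 file, and the set of "relevant" fields is an assumption, since the page does not name them.

```python
import json

# Constructed sample shaped like a GuardDuty findings dump; not the file linked on the page.
SAMPLE_GUARDDUTY_JSON = json.dumps([
    {"Id": "finding-1", "Type": "Recon:EC2/PortProbeUnprotectedPort",
     "Severity": 2.0, "Title": "Unprotected port probed", "Region": "us-west-2"},
    {"Id": "finding-2", "Type": "Policy:IAMUser/RootCredentialUsage",
     "Severity": 1.0, "Title": "Root credentials used", "Region": "us-west-2"},
    {"Id": "finding-3", "Type": "Backdoor:EC2/C&CActivity.B!DNS",
     "Severity": 8.0, "Title": "C&C domain queried", "Region": "us-west-2"},
    {"Id": "finding-4", "Type": "Example:Constructed/BrokenRecord",
     "Severity": "n/a", "Title": "Malformed severity field"},
])

# Fields kept by the "extract only the relevant data" step (assumption; the page names none).
RELEVANT_FIELDS = ("Id", "Type", "Severity", "Title")


def decode_findings(raw):
    """json/decode step: parse the S3 body and insist on the array shape the loop expects."""
    data = json.loads(raw)
    if not isinstance(data, list):
        raise ValueError("GuardDuty dump must be a JSON array of findings")
    return data


def matches_severity(finding, minimum=2.0):
    """condition/match step: Severity >= minimum; missing or non-numeric severities never match."""
    severity = finding.get("Severity")
    is_number = isinstance(severity, (int, float)) and not isinstance(severity, bool)
    return is_number and severity >= minimum


def extract_relevant(finding):
    """Keep only the fields an analyst needs downstream; absent fields become None."""
    return {key: finding.get(key) for key in RELEVANT_FIELDS}


def filter_findings(raw, minimum=2.0):
    """for-each + match + insert-at: build the 'sorted' array the page describes."""
    sorted_findings = []                      # data/set: start with an empty array
    for finding in decode_findings(raw):      # iteration/for-each over the decoded array
        if matches_severity(finding, minimum):
            sorted_findings.append(extract_relevant(finding))  # array/insert-at
    return sorted_findings


def build_response(raw, minimum=2.0):
    """data/set into the response body returned by the GET endpoint."""
    return {"statusCode": 200, "body": json.dumps(filter_findings(raw, minimum))}
```

Running `build_response(SAMPLE_GUARDDUTY_JSON)` keeps finding-1 (exactly 2.0, so the "greater than or equal" boundary is included) and finding-3, and drops both the low-severity record and the malformed one.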