Merge pull request #102 from SumoLogic/hpal_version_bug_fix

version bumped

Author: himanshu219

cloudwatchevents/guarddutybenchmark/packaged_v2.yaml

@@ -1,4 +1,5 @@
 AWSTemplateFormatVersion: '2010-09-09'
+Transform: AWS::Serverless-2016-10-31
 Description: 'This function is invoked by AWS CloudWatch events in response to state
   change in your AWS resources which matches a event target definition. The event
   payload received is then forwarded to Sumo Logic HTTP source endpoint.
@@ -24,56 +25,36 @@ Metadata:
       - SourceCategoryName
       - RemoveSumoResourcesOnDeleteStack
     ParameterLabels:
-      CollectorName:
-        default: Collector Name
-      RemoveSumoResourcesOnDeleteStack:
-        default: Remove Sumo Resources On Delete Stack
-      SourceCategoryName:
-        default: Source Category Name
-      SourceName:
-        default: Source Name
+      SumoDeployment:
+        default: Deployment Name
       SumoAccessID:
         default: Access ID
       SumoAccessKey:
         default: Access Key
-      SumoDeployment:
-        default: Deployment Name
-Outputs:
-  CloudWatchEventFunction:
-    Description: CloudWatchEvent Processor Function ARN
-    Value:
-      Fn::GetAtt:
-      - CloudWatchEventFunction
-      - Arn
-  GuarddutyBenchmarkAppFolder:
-    Description: Folder Name
-    Value:
-      Fn::GetAtt:
-      - SumoGuardDutyBenchmarkApp
-      - APP_FOLDER_NAME
+      CollectorName:
+        default: Collector Name
+      SourceName:
+        default: Source Name
+      SourceCategoryName:
+        default: Source Category Name
+      RemoveSumoResourcesOnDeleteStack:
+        default: Remove Sumo Resources On Delete Stack
 Parameters:
   CollectorName:
-    Default: GuarddutyCollector
-    Type: String
-  RemoveSumoResourcesOnDeleteStack:
-    AllowedValues:
-    - true
-    - false
-    Default: false
-    Description: To delete collector, sources and app when stack is deleted, set this
-      parameter to true. Default is false.
-    Type: String
-  SourceCategoryName:
-    Default: Labs/AWS/Guardduty
     Type: String
+    Default: GuarddutyCollector
   SourceName:
+    Type: String
     Default: GuarddutyEvents
+  SourceCategoryName:
     Type: String
+    Default: Labs/AWS/Guardduty
   SumoAccessID:
     Type: String
   SumoAccessKey:
     Type: String
   SumoDeployment:
+    Type: String
     AllowedValues:
     - au
     - ca
@@ -83,6 +64,13 @@ Parameters:
     - us2
     - us1
     Description: Enter au, ca, de, eu, jp, us2, or us1
+  RemoveSumoResourcesOnDeleteStack:
+    AllowedValues:
+    - true
+    - false
+    Default: false
+    Description: To delete collector, sources and app when stack is deleted, set this
+      parameter to true. Default is false.
     Type: String
 Resources:
   CloudWatchEventFunction:
@@ -105,77 +93,89 @@ Resources:
       Runtime: nodejs8.10
     Type: AWS::Serverless::Function
   SumoAppUtils:
+    Type: AWS::Serverless::Application
     Properties:
       Location:
         ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-app-utils
-        SemanticVersion: 1.0.5
-    Type: AWS::Serverless::Application
-  SumoGuardDutyBenchmarkApp:
+        SemanticVersion: 1.0.6
+  SumoHostedCollector:
+    Type: Custom::Collector
     Properties:
-      AppName: Amazon GuardDuty Benchmark
-      AppSources:
-        gdbenchmark:
-          Fn::Sub: _sourceCategory=${SourceCategoryName}
-      Region:
-        Ref: AWS::Region
-      RemoveOnDeleteStack:
-        Ref: RemoveSumoResourcesOnDeleteStack
       ServiceToken:
         Fn::GetAtt:
         - SumoAppUtils
         - Outputs.SumoAppUtilsFunction
+      Region:
+        Ref: AWS::Region
+      CollectorType: Hosted
+      RemoveOnDeleteStack:
+        Ref: RemoveSumoResourcesOnDeleteStack
+      CollectorName:
+        Ref: CollectorName
       SumoAccessID:
         Ref: SumoAccessID
       SumoAccessKey:
         Ref: SumoAccessKey
       SumoDeployment:
         Ref: SumoDeployment
-    Type: Custom::App
   SumoHTTPSource:
+    Type: Custom::HTTPSource
     Properties:
-      CollectorId:
+      ServiceToken:
         Fn::GetAtt:
-        - SumoHostedCollector
-        - COLLECTOR_ID
-      DateFormat: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
-      DateLocatorRegex: .*"updatedAt":"(.*)".*
+        - SumoAppUtils
+        - Outputs.SumoAppUtilsFunction
       Region:
         Ref: AWS::Region
+      SourceName:
+        Ref: SourceName
       RemoveOnDeleteStack:
         Ref: RemoveSumoResourcesOnDeleteStack
-      ServiceToken:
-        Fn::GetAtt:
-        - SumoAppUtils
-        - Outputs.SumoAppUtilsFunction
       SourceCategory:
         Ref: SourceCategoryName
-      SourceName:
-        Ref: SourceName
+      CollectorId:
+        Fn::GetAtt:
+        - SumoHostedCollector
+        - COLLECTOR_ID
       SumoAccessID:
         Ref: SumoAccessID
       SumoAccessKey:
         Ref: SumoAccessKey
       SumoDeployment:
         Ref: SumoDeployment
-    Type: Custom::HTTPSource
-  SumoHostedCollector:
+      DateFormat: yyyy-MM-dd'T'HH:mm:ss.SSS'Z'
+      DateLocatorRegex: .*"updatedAt":"(.*)".*
+  SumoGuardDutyBenchmarkApp:
+    Type: Custom::App
     Properties:
-      CollectorName:
-        Ref: CollectorName
-      CollectorType: Hosted
-      Region:
-        Ref: AWS::Region
-      RemoveOnDeleteStack:
-        Ref: RemoveSumoResourcesOnDeleteStack
       ServiceToken:
         Fn::GetAtt:
         - SumoAppUtils
         - Outputs.SumoAppUtilsFunction
+      Region:
+        Ref: AWS::Region
+      AppName: Amazon GuardDuty Benchmark
+      RemoveOnDeleteStack:
+        Ref: RemoveSumoResourcesOnDeleteStack
+      AppSources:
+        gdbenchmark:
+          Fn::Sub: _sourceCategory=${SourceCategoryName}
       SumoAccessID:
         Ref: SumoAccessID
       SumoAccessKey:
         Ref: SumoAccessKey
       SumoDeployment:
         Ref: SumoDeployment
-    Type: Custom::Collector
-Transform: AWS::Serverless-2016-10-31
+Outputs:
+  CloudWatchEventFunction:
+    Description: CloudWatchEvent Processor Function ARN
+    Value:
+      Fn::GetAtt:
+      - CloudWatchEventFunction
+      - Arn
+  GuarddutyBenchmarkAppFolder:
+    Description: Folder Name
+    Value:
+      Fn::GetAtt:
+      - SumoGuardDutyBenchmarkApp
+      - APP_FOLDER_NAME

cloudwatchevents/guarddutybenchmark/template_v2.yaml

@@ -98,7 +98,7 @@ Resources:
     Properties:
       Location:
         ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-app-utils
-        SemanticVersion: 1.0.5
+        SemanticVersion: 1.0.6
 
   SumoHostedCollector:
     Type: Custom::Collector

kinesis/node.js/k2sl_lambda.js

@@ -1,5 +1,5 @@
 //////////////////////////////////////////////////////////////////////////////////
-//                       CloudWatch Logs to SumoLogic                           //
+// CloudWatch Logs to SumoLogic //
 // https://github.com/SumoLogic/sumologic-aws-lambda/tree/master/cloudwatchlogs //
 //////////////////////////////////////////////////////////////////////////////////
 
@@ -8,22 +8,22 @@ var SumoURL = process.env.SUMO_ENDPOINT;
 
 // The following parameters override the sourceCategoryOverride, sourceHostOverride and sourceNameOverride metadata fields within SumoLogic.
 // Not these can also be overridden via json within the message payload. See the README for more information.
-var sourceCategoryOverride = process.env.SOURCE_CATEGORY_OVERRIDE || 'none';  // If none sourceCategoryOverride will not be overridden
-var sourceHostOverride = process.env.SOURCE_HOST_OVERRIDE || 'none';          // If none sourceHostOverride will not be set to the name of the logGroup
-var sourceNameOverride = process.env.SOURCE_NAME_OVERRIDE || 'none';          // If none sourceNameOverride will not be set to the name of the logStream
+var sourceCategoryOverride = process.env.SOURCE_CATEGORY_OVERRIDE || 'none'; // If none sourceCategoryOverride will not be overridden
+var sourceHostOverride = process.env.SOURCE_HOST_OVERRIDE || 'none'; // If none sourceHostOverride will not be set to the name of the logGroup
+var sourceNameOverride = process.env.SOURCE_NAME_OVERRIDE || 'none'; // If none sourceNameOverride will not be set to the name of the logStream
 
 var retryInterval = process.env.RETRY_INTERVAL || 5000; // the interval in millisecs between retries
-var numOfRetries = process.env.NUMBER_OF_RETRIES || 3;  // the number of retries
+var numOfRetries = process.env.NUMBER_OF_RETRIES || 3; // the number of retries
 
 // CloudWatch logs encoding
-var encoding = process.env.ENCODING || 'utf-8';  // default is utf-8
+var encoding = process.env.ENCODING || 'utf-8'; // default is utf-8
 
 // Include logStream and logGroup as json fields within the message. Required for SumoLogic AWS Lambda App
-var includeLogInfo = true;  // default is true
+var includeLogInfo = true; // default is true
 
 // Regex used to detect logs coming from lambda functions.
 // The regex will parse out the requestID and strip the timestamp
-// Example: 2016-11-10T23:11:54.523Z   108af3bb-a79b-11e6-8bd7-91c363cc05d9    some message
+// Example: 2016-11-10T23:11:54.523Z 108af3bb-a79b-11e6-8bd7-91c363cc05d9 some message
 var consoleFormatRegex = /^\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}.\d{3}Z\t(\w+?-\w+?-\w+?-\w+?-\w+)\t/;
 
 // Used to extract RequestID
@@ -33,7 +33,6 @@ var https = require('https');
 var zlib = require('zlib');
 var url = require('url');
 
-
 Promise.retryMax = function(fn,retry,interval,fnParams) {
     return fn.apply(this,fnParams).catch( err => {
         var waitTime = typeof interval === 'function' ? interval() : interval;
@@ -106,7 +105,8 @@ function postToSumo(context, messages) {
     var options = {
         'hostname': urlObject.hostname,
         'path': urlObject.pathname,
-        'method': 'POST'
+        'method': 'POST',
+        'port': urlObject.port
     };
 
     var finalizeContext = function () {
@@ -248,7 +248,8 @@ exports.handler = function (event, context) {
         // Push messages to Sumo
         if (index === numOfRecords-1) {
             postToSumo(context, messageList);
-        }        
+        }
 
     });
 };
+