updated boto3, app util version, cve fixes

cloudwatchevents/guardduty/deploy.sh

@@ -10,7 +10,7 @@ else
     AWS_REGION="us-east-2"
 fi
 
-version="1.0.6"
+version="1.0.8"
 
 echo "Creating package.yaml"
 sam package --template-file template.yaml --s3-bucket $SAM_S3_BUCKET  --output-template-file packaged.yaml --s3-prefix "GuardDuty/v"$version --region $AWS_REGION --profile $AWS_PROFILE

cloudwatchevents/guardduty/packaged.yaml

@@ -23,9 +23,9 @@ Metadata:
     - cloudwatchevents
     - guardduty
     Name: sumologic-guardduty-events-processor
-    LicenseUrl: s3://appdevstore/GuardDuty/v1.0.6/6092dd6c323e33634657102f570628e0
-    ReadmeUrl: s3://appdevstore/GuardDuty/v1.0.6/9d217c45b3ababadef584aee27d4d607
-    SemanticVersion: 1.0.6
+    LicenseUrl: s3://appdevstore/GuardDuty/v1.0.8/6092dd6c323e33634657102f570628e0
+    ReadmeUrl: s3://appdevstore/GuardDuty/v1.0.8/9d217c45b3ababadef584aee27d4d607
+    SemanticVersion: 1.0.8
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/main/cloudwatchevents/guardduty
     SpdxLicenseId: Apache-2.0
 Parameters:
@@ -35,9 +35,9 @@ Resources:
   CloudWatchEventFunction:
     Type: AWS::Serverless::Function
     Properties:
-      CodeUri: s3://appdevstore/GuardDuty/v1.0.6/22b7b226ca9ec3b9dbb28b94c0e5f824
+      CodeUri: s3://appdevstore/GuardDuty/v1.0.8/206761f9f3de8df84e85a86641f534df
       Handler: cloudwatchevents.handler
-      Runtime: nodejs22.x
+      Runtime: nodejs24.x
       Environment:
         Variables:
           SUMO_ENDPOINT:

cloudwatchevents/guardduty/template.yaml

@@ -23,7 +23,7 @@ Metadata:
     Name: sumologic-guardduty-events-processor
     LicenseUrl: ../LICENSE
     ReadmeUrl: ./README.md
-    SemanticVersion: 1.0.6
+    SemanticVersion: 1.0.8
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/main/cloudwatchevents/guardduty
     SpdxLicenseId: Apache-2.0
 
@@ -38,7 +38,7 @@ Resources:
     Properties:
       CodeUri: ../src/
       Handler: cloudwatchevents.handler
-      Runtime: nodejs22.x
+      Runtime: nodejs24.x
       Environment:
         Variables:
           SUMO_ENDPOINT: !Ref SumoEndpointUrl

cloudwatchevents/guarddutybenchmark/deploy.sh

@@ -11,7 +11,7 @@ else
     AWS_REGION="us-east-2"
 fi
 
-version="1.0.20"
+version="1.0.23"
 
 echo "Creating package.yaml"
 sam package --template-file template_v2.yaml --s3-bucket $SAM_S3_BUCKET  --output-template-file packaged.yaml --s3-prefix "guarddutybenchmark/v"$version --region $AWS_REGION --profile $AWS_PROFILE

cloudwatchevents/guarddutybenchmark/packaged.yaml

@@ -53,9 +53,9 @@ Metadata:
     - benchmark
     - guardduty
     Name: sumologic-guardduty-benchmark
-    LicenseUrl: s3://appdevstore/guarddutybenchmark/v1.0.20/6092dd6c323e33634657102f570628e0
-    ReadmeUrl: s3://appdevstore/guarddutybenchmark/v1.0.20/cab012d7fb7887671b751e6f5c0d2062
-    SemanticVersion: 1.0.20
+    LicenseUrl: s3://appdevstore/guarddutybenchmark/v/6092dd6c323e33634657102f570628e0
+    ReadmeUrl: s3://appdevstore/guarddutybenchmark/v/cab012d7fb7887671b751e6f5c0d2062
+    SemanticVersion: 1.0.23
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/main/cloudwatchevents/guarddutybenchmark
     SpdxLicenseId: Apache-2.0
 Parameters:
@@ -99,7 +99,7 @@ Parameters:
 Resources:
   CloudWatchEventFunction:
     Properties:
-      CodeUri: s3://appdevstore/guarddutybenchmark/v1.0.20/22b7b226ca9ec3b9dbb28b94c0e5f824
+      CodeUri: s3://appdevstore/guarddutybenchmark/v/206761f9f3de8df84e85a86641f534df
       Environment:
         Variables:
           SUMO_ENDPOINT:
@@ -114,7 +114,7 @@ Resources:
               - aws.guardduty
           Type: CloudWatchEvent
       Handler: cloudwatchevents.handler
-      Runtime: nodejs22.x
+      Runtime: nodejs24.x
     Type: AWS::Serverless::Function
     Metadata:
       SamResourceId: CloudWatchEventFunction
@@ -123,7 +123,7 @@ Resources:
     Properties:
       Location:
         ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-app-utils
-        SemanticVersion: 2.0.21
+        SemanticVersion: 2.0.23
     Metadata:
       SamResourceId: SumoAppUtils
   SumoHostedCollector:

cloudwatchevents/guarddutybenchmark/template_v2.yaml

@@ -56,7 +56,7 @@ Metadata:
     Name: sumologic-guardduty-benchmark
     LicenseUrl: ../LICENSE
     ReadmeUrl: ./README.md
-    SemanticVersion: 1.0.20
+    SemanticVersion: 1.0.23
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/main/cloudwatchevents/guarddutybenchmark
     SpdxLicenseId: Apache-2.0
 
@@ -113,15 +113,15 @@ Resources:
               - aws.guardduty
           Type: CloudWatchEvent
       Handler: cloudwatchevents.handler
-      Runtime: nodejs22.x
+      Runtime: nodejs24.x
     Type: AWS::Serverless::Function
 
   SumoAppUtils:
     Type: AWS::Serverless::Application
     Properties:
       Location:
         ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-app-utils
-        SemanticVersion: 2.0.21
+        SemanticVersion: 2.0.23
 
   SumoHostedCollector:
     Type: Custom::Collector

cloudwatchevents/src/cloudwatchevents.js

@@ -24,7 +24,6 @@ var numOfRetries = process.env.NUMBER_OF_RETRIES || 3;  // the number of retries
 
 var https = require('https');
 var zlib = require('zlib');
-var url = require('url');
 
 Promise.retryMax = function(fn,retry,interval,fnParams) {
     return fn.apply(this,fnParams).catch( err => {
@@ -49,93 +48,90 @@ function exponentialBackoff(seed) {
     }
 }
 
-function postToSumo(callback, messages) {
-    var messagesTotal = Object.keys(messages).length;
+function httpSend(options, headers, data) {
+    return new Promise( (resolve,reject) => {
+        var curOptions = Object.assign({}, options);
+        curOptions.headers = headers;
+        var req = https.request(curOptions, function (res) {
+            var body = '';
+            res.setEncoding('utf8');
+            res.on('data', function (chunk) {
+                body += chunk;
+            });
+            res.on('end', function () {
+                if (res.statusCode == 200) {
+                    resolve(body);
+                } else {
+                    reject({'error':'HTTP Return code ' + res.statusCode,'res':res});
+                }
+            });
+        });
+        req.on('error', function (e) {
+            reject({'error':e,'res':null});
+        });
+        for (var i = 0; i < data.length; i++) {
+            req.write(JSON.stringify(data[i]) + '\n');
+        }
+        console.log("sending to Sumo...")
+        req.end();
+    });
+}
+
+async function postToSumo(messages) {
     var messagesSent = 0;
     var messageErrors = [];
 
-    var urlObject = url.parse(SumoURL);
+    var urlObject = new URL(SumoURL);
     var options = {
         'hostname': urlObject.hostname,
-        'path': urlObject.pathname,
+        'path': urlObject.pathname + urlObject.search,
         'method': 'POST'
     };
 
-    var finalizeContext = function () {
-        var total = messagesSent + messageErrors.length;
-        if (total == messagesTotal) {
-            console.log('messagesSent: ' + messagesSent + ' messagesErrors: ' + messageErrors.length);
-            if (messageErrors.length > 0) {
-                callback('errors: ' + messageErrors);
-            } else {
-                callback(null, "Success");
-            }
-        }
-    };
-
-    function httpSend(options, headers, data) {
-        return new Promise( (resolve,reject) => {
-            var curOptions = options;
-            curOptions.headers = headers;
-            var req = https.request(curOptions, function (res) {
-                var body = '';
-                res.setEncoding('utf8');
-                res.on('data', function (chunk) {
-                    body += chunk; // don't really do anything with body
-                });
-                res.on('end', function () {
-                    if (res.statusCode == 200) {
-                        resolve(body);
-                    } else {
-                        reject({'error':'HTTP Return code ' + res.statusCode,'res':res});
-                    }
-                });
-            });
-            req.on('error', function (e) {
-                reject({'error':e,'res':null});
-            });
-            for (var i = 0; i < data.length; i++) {
-                req.write(JSON.stringify(data[i]) + '\n');
-            }
-            console.log("sending to Sumo...")
-            req.end();
-        });
-    }
-    Object.keys(messages).forEach(function (key, index) {
+    var keys = Object.keys(messages);
+    for (var i = 0; i < keys.length; i++) {
+        var key = keys[i];
         var headerArray = key.split(':');
         var headers = {
             'X-Sumo-Name': headerArray[0],
             'X-Sumo-Category': headerArray[1],
             'X-Sumo-Host': headerArray[2],
             'X-Sumo-Client': 'cloudwatchevents-aws-lambda'
         };
-        Promise.retryMax(httpSend, numOfRetries, retryInterval, [options, headers, messages[key]]).then((body)=> {
+        try {
+            await Promise.retryMax(httpSend, numOfRetries, retryInterval, [options, headers, messages[key]]);
             messagesSent++;
-            finalizeContext()
-        }).catch((e) => {
+        } catch (e) {
             messageErrors.push(e.error);
-            finalizeContext();
-        });
-    });
+        }
+    }
+
+    console.log('messagesSent: ' + messagesSent + ' messagesErrors: ' + messageErrors.length);
+    if (messageErrors.length > 0) {
+        throw new Error('errors: ' + messageErrors);
+    }
+    return "Success";
 }
 
-exports.handler = function (event, context, callback) {
+exports.handler = async function (event, context) {
 
-    // Used to hold chunks of messages to post to SumoLogic
     var messageList = {};
     var final_event;
-    // Validate URL has been set
-    var urlObject = url.parse(SumoURL);
-    if (urlObject.protocol != 'https:' || urlObject.host === null || urlObject.path === null) {
-        callback('Invalid SUMO_ENDPOINT environment variable: ' + SumoURL);
+    var urlObject;
+    try {
+        urlObject = new URL(SumoURL);
+    } catch (e) {
+        throw new Error('Invalid SUMO_ENDPOINT environment variable: ' + SumoURL);
+    }
+    if (urlObject.protocol !== 'https:' || !urlObject.hostname || !urlObject.pathname) {
+        throw new Error('Invalid SUMO_ENDPOINT environment variable: ' + SumoURL);
     }
 
-    //console.log(event);
     if ((event.source==="aws.guardduty") || (removeOuterFields)) {
         final_event =event.detail;
     } else {
         final_event = event;
     }
     messageList[sourceNameOverride+':'+sourceCategoryOverride+':'+sourceHostOverride]=[final_event];
-    postToSumo(callback, messageList);
+    return await postToSumo(messageList);
 };

cloudwatchevents/test/requirements.txt

@@ -1,3 +1,3 @@
-requests==2.32.5
-boto3==1.36.11
+requests==2.33.0
+boto3==1.43.6
 sumologic-sdk==0.1.17

cloudwatchevents/test/test-guardduty-benchmark.py

@@ -8,6 +8,7 @@
 import unittest
 
 import boto3
+import requests
 from sumologic import SumoLogic
 
 TIMEFORMAT = '%Y-%m-%dT%H:%M:%S'
@@ -154,10 +155,9 @@ def delete_source(self, collector_id, source):
 
     def fetch_logs(self):
         raw_messages = []
-        # fetch Last 10 Minutes logs
-        # Get the current time
+        # Search with a wide window to avoid missing logs during retries
         to_time = datetime.datetime.now()
-        from_time = to_time - datetime.timedelta(minutes=self.delay+2)
+        from_time = to_time - datetime.timedelta(minutes=self.delay+15)
         from_time = from_time.strftime(TIMEFORMAT)
         to_time = to_time.strftime(TIMEFORMAT)
         print("Fetching records")
@@ -192,7 +192,11 @@ def fetch_logs(self):
 
     def fetch_logs_with_retry(self, retries=6, delay=60):
         for attempt in range(1, retries + 1):
-            result = self.fetch_logs()
+            try:
+                result = self.fetch_logs()
+            except requests.exceptions.ConnectionError as e:
+                print(f"Connection error on attempt {attempt}: {e}")
+                result = []
             if len(result) >= 3:
                 return result
             else:
@@ -202,7 +206,6 @@ def fetch_logs_with_retry(self, retries=6, delay=60):
                     return result
                 else:
                     print(f"Retrying in {delay} seconds...")
-                    self.delay += 1
                     time.sleep(delay)
 
     # Validate the specific findings generated
@@ -356,6 +359,7 @@ def test_guard_duty_benchmark(self):
         self.cf.create_stack(self.parameters)
         print("Testing Stack Creation.")
         self.assertTrue(self.cf.stack_exists())
+        time.sleep(120)
         # Generate some specific sample findings
         print("Generating sample GuardDuty findings.")
         self.guard_duty.create_sample_findings(DetectorId=self.detector_id, FindingTypes=self.finding_types)
@@ -442,6 +446,7 @@ def test_guard_duty(self):
         self.cf.create_stack(self.parameters)
         print("Testing Stack Creation.")
         self.assertTrue(self.cf.stack_exists())
+        time.sleep(120)
         # Generate some specific sample findings
         print("Generating sample GuardDuty findings.")
         self.guard_duty.create_sample_findings(DetectorId=self.detector_id, FindingTypes=self.finding_types)
@@ -499,6 +504,7 @@ def test_cloudwatch_event(self):
         self.cf.create_stack(self.parameters)
         print("Testing Stack Creation.")
         self.assertTrue(self.cf.stack_exists())
+        time.sleep(120)
         # Generate some specific sample findings
         print("Generating sample CloudWatch Events.")
         self.guard_duty.create_sample_findings(DetectorId=self.detector_id, FindingTypes=self.finding_types)

cloudwatchlogs-with-dlq/requirements.txt

@@ -1,2 +1,2 @@
-requests==2.32.5
-boto3==1.36.11
+requests==2.33.0
+boto3==1.43.6

loggroup-lambda-connector/test/requirements.txt

@@ -1,3 +1,3 @@
-requests>=2.32.4
-boto3==1.36.11
+requests==2.33.0
+boto3==1.43.6
 cfn-flip>=1.3.0

securityhub-collector/sam/packaged.yaml

@@ -22,9 +22,9 @@ Metadata:
     - cloudwatchevents
     - securityhub
     Name: sumologic-securityhub-collector
-    LicenseUrl: s3://appdevstore/SecurityHubCollector/v1.0.11/6092dd6c323e33634657102f570628e0
-    ReadmeUrl: s3://appdevstore/SecurityHubCollector/v1.0.11/3edeb049c0e4202e9588e43b957090ed
-    SemanticVersion: 1.0.11
+    LicenseUrl: s3://appdevstore/SecurityHubCollector/v1.0.13/6092dd6c323e33634657102f570628e0
+    ReadmeUrl: s3://appdevstore/SecurityHubCollector/v1.0.13/3edeb049c0e4202e9588e43b957090ed
+    SemanticVersion: 1.0.13
     SourceCodeUrl: https://github.com/SumoLogic/sumologic-aws-lambda/tree/master/securityhub-collector
     SpdxLicenseId: Apache-2.0
 Parameters:
@@ -35,8 +35,8 @@ Resources:
     Type: AWS::Serverless::Function
     Properties:
       Handler: securityhub_collector.lambda_handler
-      Runtime: python3.13
-      CodeUri: s3://appdevstore/SecurityHubCollector/v1.0.11/3c2bc2da7576810682419519fdc578bb
+      Runtime: python3.14
+      CodeUri: s3://appdevstore/SecurityHubCollector/v1.0.13/3c2bc2da7576810682419519fdc578bb
       MemorySize: 128
       Timeout: 300
       Policies:

securityhub-collector/sam/requirements.txt

@@ -1 +1 @@
-boto3==1.36.11
+boto3==1.43.6