--- policy: /ce/ca/aws/security-hub/security-hub-in-all-regions logic: /ce/ca/aws/security-hub/security-hub-in-all-regions/prod.logic.yaml executionTime: 2026-06-06T12:03:27.008735297Z generationMs: 74 executionMs: 1034 rows: - id: test1 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 199 actual: 199 conditionText: expected: CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == number(0.0) actual: CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == number(0.0) runtimeError: {} - id: test2 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 299 actual: 299 conditionText: expected: CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == CA10__AWS_Account_Regions__r.count(COMPLIANT) actual: CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == CA10__AWS_Account_Regions__r.count(COMPLIANT) runtimeError: {} - id: test3 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 399 actual: 399 conditionText: expected: CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) > CA10__AWS_Account_Regions__r.count(COMPLIANT) actual: CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) > CA10__AWS_Account_Regions__r.count(COMPLIANT) runtimeError: {} - id: test4 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 400 actual: 400 conditionText: expected: otherwise actual: otherwise runtimeError: {} usedFiles: - path: /ce/ca/aws/security-hub/security-hub-in-all-regions/policy.yaml md5Hash: 82E4EB845930969196595FD1C0E180A2 content: | --- names: full: "AWS Security Hub is not enabled" contextual: "Security Hub is not enabled" description: "Security Hub collects security data from across AWS accounts, services,\ \ and supported third-party partner products and helps you analyze your security\ \ trends and identify the highest priority security issues. When you enable Security\ \ Hub, it begins to consume, aggregate, organize, and prioritize findings from AWS\ \ services that you have enabled, such as Amazon GuardDuty, Amazon Inspector, and\ \ Amazon Macie." type: COMPLIANCE_POLICY categories: - SECURITY frameworkMappings: - "/frameworks/cis-aws-v7.0.0/05/16" - "/frameworks/cloudaware/resource-security/threat-protection" - "/frameworks/aws-well-architected/sec/04/03" - "/frameworks/aws-well-architected/sec/04/04" similarPolicies: internal: - "dec-z-bc139af8" cloudConformity: - url: "https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/SecurityHub/security-hub-enabled.html" name: "Security Hub Enabled" - path: /ce/ca/aws/security-hub/security-hub-in-all-regions/prod.logic.yaml md5Hash: 0D5AE8DCE7F4E60934A934B6EA223208 content: | --- inputType: "CA10__CaAwsAccount__c" testData: - file: "test-data.json" conditions: - status: "INCOMPLIANT" currentStateMessage: "The account does not have Security Hub enabled in any region." check: IS_EQUAL: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_Security_Hubs__r" right: NUMBER: 0.0 - status: "COMPLIANT" currentStateMessage: "Security Hub is enabled in all active regions." check: IS_EQUAL: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_Security_Hubs__r" right: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10__AWS_Account_Regions__r" - status: "COMPLIANT" currentStateMessage: "Security Hub is enabled in all regions including inactive regions." check: GREATER_THAN: left: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10A1__AWS_Security_Hubs__r" right: RELATED_LIST_COUNT: status: "COMPLIANT" relationshipName: "CA10__AWS_Account_Regions__r" otherwise: status: "INCOMPLIANT" currentStateMessage: "Security Hub is not enabled in all active regions." remediationMessage: "Enable Security Hub in all active regions." relatedLists: - relationshipName: "CA10A1__AWS_Security_Hubs__r" conditions: [] otherwise: status: "COMPLIANT" currentStateMessage: "Security Hub is enabled." - relationshipName: "CA10__AWS_Account_Regions__r" importExtracts: - file: /types/CA10__CaAwsAccountRegion__c/object.extracts.yaml conditions: - status: "COMPLIANT" currentStateMessage: "Active AWS account region." check: NOT_EQUAL: left: EXTRACT: "CA10__status__c" right: TEXT: "not-opted-in" otherwise: status: "INAPPLICABLE" currentStateMessage: "This AWS account region is not active." - path: /ce/ca/aws/security-hub/security-hub-in-all-regions/test-data.json md5Hash: 1FB9FAD23CC32D0942E356CD001B7062 content: |- [ { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "199", "conditionText": "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == number(0.0)", "runtimeError": null }, "context": { "snapshotTime": "2025-10-24T05:35:18Z" }, "Id": "test1", "CA10A1__AWS_Security_Hubs__r": [], "CA10__AWS_Account_Regions__r": [ { "CA10__status__c": "opt-in-not-required", "CA10__account__c": "test1", "Id": "test1_1" }, { "CA10__status__c": "opt-in-not-required", "CA10__account__c": "test1", "Id": "test1_2" } ] }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "299", "conditionText": "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == CA10__AWS_Account_Regions__r.count(COMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-10-24T05:35:18Z" }, "Id": "test2", "CA10A1__AWS_Security_Hubs__r": [ { "Id": "test2_3", "CA10A1__account__c": "test2", "CA10A1__disappearanceTime__c": null } ], "CA10__AWS_Account_Regions__r": [ { "CA10__status__c": "opt-in-not-required", "CA10__account__c": "test2", "Id": "test2_1" } ] }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "399", "conditionText": "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) > CA10__AWS_Account_Regions__r.count(COMPLIANT)", "runtimeError": null }, "context": { "snapshotTime": "2025-10-24T05:35:18Z" }, "Id": "test3", "CA10A1__AWS_Security_Hubs__r": [ { "Id": "test3_3", "CA10A1__account__c": "test3", "CA10A1__disappearanceTime__c": null }, { "Id": "test3_4", "CA10A1__account__c": "test3", "CA10A1__disappearanceTime__c": null } ], "CA10__AWS_Account_Regions__r": [ { "CA10__status__c": "opt-in-not-required", "CA10__account__c": "test3", "Id": "test3_1" }, { "CA10__status__c": "not-opted-in", "CA10__account__c": "test3", "Id": "test3_2" } ] }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "400", "conditionText": "otherwise", "runtimeError": null }, "context": { "snapshotTime": "2025-10-24T05:35:18Z" }, "Id": "test4", "CA10A1__AWS_Security_Hubs__r": [ { "Id": "test4_3", "CA10A1__account__c": "test4", "CA10A1__disappearanceTime__c": null } ], "CA10__AWS_Account_Regions__r": [ { "CA10__status__c": "opt-in-not-required", "CA10__account__c": "test4", "Id": "test4_1" }, { "CA10__status__c": "opt-in-not-required", "CA10__account__c": "test4", "Id": "test4_2" } ] } ] - path: /types/CA10__CaAwsAccountRegion__c/object.extracts.yaml md5Hash: B5D54D4844B8E77238E14E730ABEE3C4 content: "---\nextracts:\n - name: CA10__status__c\n value: \n FIELD:\n\ \ path: CA10__status__c\n undeterminedIf:\n isEmpty:\ \ \"Account Region status must be specified \"\n - name: CA10__ebsStorageEncryption__c\n\ \ value: \n FIELD:\n path: CA10__ebsStorageEncryption__c\n \ \ undeterminedIf:\n isEmpty: \"EBS Storage Encryption can not\ \ be empty. Possibly corrupted data.\"" script: |- CREATE TEMP FUNCTION mock_ExpectedResult() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "Id" : "test1", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "199", "conditionText" : "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == number(0.0)", "runtimeError" : null } }, { "Id" : "test2", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "299", "conditionText" : "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == CA10__AWS_Account_Regions__r.count(COMPLIANT)", "runtimeError" : null } }, { "Id" : "test3", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "399", "conditionText" : "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) > CA10__AWS_Account_Regions__r.count(COMPLIANT)", "runtimeError" : null } }, { "Id" : "test4", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "400", "conditionText" : "otherwise", "runtimeError" : null } } ]; """; CREATE TEMP FUNCTION mock_CA10A1__CaAwsSecurityHub__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10A1__account__c" : "test2", "Id" : "test2_3" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10A1__account__c" : "test3", "Id" : "test3_3" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10A1__account__c" : "test3", "Id" : "test3_4" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10A1__account__c" : "test4", "Id" : "test4_3" } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsAccountRegion__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "opt-in-not-required", "CA10__account__c" : "test1", "Id" : "test1_1" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "opt-in-not-required", "CA10__account__c" : "test1", "Id" : "test1_2" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "opt-in-not-required", "CA10__account__c" : "test2", "Id" : "test2_1" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "opt-in-not-required", "CA10__account__c" : "test3", "Id" : "test3_1" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "not-opted-in", "CA10__account__c" : "test3", "Id" : "test3_2" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "opt-in-not-required", "CA10__account__c" : "test4", "Id" : "test4_1" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "CA10__status__c" : "opt-in-not-required", "CA10__account__c" : "test4", "Id" : "test4_2" } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsAccount__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "Id" : "test1" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "Id" : "test2" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "Id" : "test3" }, { "context" : { "snapshotTime" : new Date("2025-10-24T05:35:18Z") }, "Id" : "test4" } ]; """; CREATE TEMP FUNCTION process_CA10__CaAwsAccount__c( obj STRUCT< CA10A1__AWS_Security_Hubs__r ARRAY >>, CA10__AWS_Account_Regions__r ARRAY >>, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var references1 = []; // condition[0], conditionIndex:[0..99] if (false) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared()", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } var count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 = 0; if (obj.CA10A1__AWS_Security_Hubs__r != null) { for (var i3 = 0; i3 < obj.CA10A1__AWS_Security_Hubs__r.length; i3++) { if (typeof(obj.CA10A1__AWS_Security_Hubs__r[i3].status) !== 'undefined') { if (obj.CA10A1__AWS_Security_Hubs__r[i3].status == 'COMPLIANT') { count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 += obj.CA10A1__AWS_Security_Hubs__r[i3].count; } } else { if (obj.CA10A1__AWS_Security_Hubs__r[i3].result.status == 'COMPLIANT') { count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 += 1; } } } } // condition[1], conditionIndex:[100..199] references1.push('Related list [CA10A1__AWS_Security_Hubs__r] has ' + count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 + ' objects in COMPLIANT status'); if (count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 == 0.0) { return {status: 'INCOMPLIANT', conditionIndex: 199, conditionText: "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == number(0.0)", currentStateMessage: "The account does not have Security Hub enabled in any region.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } var count_CA10__AWS_Account_Regions__r_COMPLIANT4 = 0; if (obj.CA10__AWS_Account_Regions__r != null) { for (var i5 = 0; i5 < obj.CA10__AWS_Account_Regions__r.length; i5++) { if (typeof(obj.CA10__AWS_Account_Regions__r[i5].status) !== 'undefined') { if (obj.CA10__AWS_Account_Regions__r[i5].status == 'COMPLIANT') { count_CA10__AWS_Account_Regions__r_COMPLIANT4 += obj.CA10__AWS_Account_Regions__r[i5].count; } } else { if (obj.CA10__AWS_Account_Regions__r[i5].result.status == 'COMPLIANT') { count_CA10__AWS_Account_Regions__r_COMPLIANT4 += 1; } } } } var count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 = 0; if (obj.CA10A1__AWS_Security_Hubs__r != null) { for (var i6 = 0; i6 < obj.CA10A1__AWS_Security_Hubs__r.length; i6++) { if (typeof(obj.CA10A1__AWS_Security_Hubs__r[i6].status) !== 'undefined') { if (obj.CA10A1__AWS_Security_Hubs__r[i6].status == 'COMPLIANT') { count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 += obj.CA10A1__AWS_Security_Hubs__r[i6].count; } } else { if (obj.CA10A1__AWS_Security_Hubs__r[i6].result.status == 'COMPLIANT') { count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 += 1; } } } } // condition[2], conditionIndex:[200..299] references1.push('Related list [CA10__AWS_Account_Regions__r] has ' + count_CA10__AWS_Account_Regions__r_COMPLIANT4 + ' objects in COMPLIANT status'); if (count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 == count_CA10__AWS_Account_Regions__r_COMPLIANT4) { return {status: 'COMPLIANT', conditionIndex: 299, conditionText: "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) == CA10__AWS_Account_Regions__r.count(COMPLIANT)", currentStateMessage: "Security Hub is enabled in all active regions.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } var count_CA10__AWS_Account_Regions__r_COMPLIANT4 = 0; if (obj.CA10__AWS_Account_Regions__r != null) { for (var i8 = 0; i8 < obj.CA10__AWS_Account_Regions__r.length; i8++) { if (typeof(obj.CA10__AWS_Account_Regions__r[i8].status) !== 'undefined') { if (obj.CA10__AWS_Account_Regions__r[i8].status == 'COMPLIANT') { count_CA10__AWS_Account_Regions__r_COMPLIANT4 += obj.CA10__AWS_Account_Regions__r[i8].count; } } else { if (obj.CA10__AWS_Account_Regions__r[i8].result.status == 'COMPLIANT') { count_CA10__AWS_Account_Regions__r_COMPLIANT4 += 1; } } } } var count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 = 0; if (obj.CA10A1__AWS_Security_Hubs__r != null) { for (var i9 = 0; i9 < obj.CA10A1__AWS_Security_Hubs__r.length; i9++) { if (typeof(obj.CA10A1__AWS_Security_Hubs__r[i9].status) !== 'undefined') { if (obj.CA10A1__AWS_Security_Hubs__r[i9].status == 'COMPLIANT') { count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 += obj.CA10A1__AWS_Security_Hubs__r[i9].count; } } else { if (obj.CA10A1__AWS_Security_Hubs__r[i9].result.status == 'COMPLIANT') { count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 += 1; } } } } // condition[3], conditionIndex:[300..399] if (count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 != null && count_CA10__AWS_Account_Regions__r_COMPLIANT4 != null && count_CA10A1__AWS_Security_Hubs__r_COMPLIANT2 > count_CA10__AWS_Account_Regions__r_COMPLIANT4) { return {status: 'COMPLIANT', conditionIndex: 399, conditionText: "CA10A1__AWS_Security_Hubs__r.count(COMPLIANT) > CA10__AWS_Account_Regions__r.count(COMPLIANT)", currentStateMessage: "Security Hub is enabled in all regions including inactive regions.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } return {status: 'INCOMPLIANT', conditionIndex: 400, conditionText: "otherwise", currentStateMessage: "Security Hub is not enabled in all active regions.", currentStateReferences: references1.join('\n'), remediation: "Enable Security Hub in all active regions.", runtimeError: null}; """; CREATE TEMP FUNCTION process_CA10__AWS_Account_Regions__r( obj STRUCT< CA10__status__c STRING, CA10__account__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var TextLib = new function () { this.normalize = function(arg) { return arg == null ? '' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var references1 = []; // condition[0], conditionIndex:[0..99] if (false) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared()", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] function fieldChecked4() { if (TextLib.isEmpty(obj.CA10__status__c)) { throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "CA10__status__c.isEmpty()", currentStateMessage: "Account Region status must be specified ", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__status__c; } function extract3() { if (!this.out) { this.out = fieldChecked4(); } return this.out; }; references1.push('Status [obj.CA10__status__c]: ' + obj.CA10__status__c); try { if (TextLib.notEqual(extract3.call(extract3), 'not-opted-in')) { return {status: 'COMPLIANT', conditionIndex: 199, conditionText: "extract('CA10__status__c') != 'not-opted-in'", currentStateMessage: "Active AWS account region.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } return {status: 'INAPPLICABLE', conditionIndex: 200, conditionText: "otherwise", currentStateMessage: "This AWS account region is not active.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; CREATE TEMP FUNCTION process_CA10A1__AWS_Security_Hubs__r( obj STRUCT< CA10A1__disappearanceTime__c TIMESTAMP, CA10A1__account__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js AS r""" var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From AWS [CA10A1__disappearanceTime__c]: ' + obj.CA10A1__disappearanceTime__c); if (obj.CA10A1__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10A1__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } return {status: 'COMPLIANT', conditionIndex: 100, conditionText: "otherwise", currentStateMessage: "Security Hub is enabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """; SELECT expectedResult.Id as Id, IF ( IFNULL(expectedResult.expectedResult.status, '') = IFNULL(sObject.result.status, '') AND IFNULL(expectedResult.expectedResult.conditionIndex, -1) = IFNULL(sObject.result.conditionIndex, -1) AND IFNULL(expectedResult.expectedResult.conditionText, '') = IFNULL(sObject.result.conditionText, '') AND IFNULL(expectedResult.expectedResult.runtimeError, '') = IFNULL(sObject.result.runtimeError, ''), "MATCH", "FAIL" ) as match, expectedResult.expectedResult.status as expectedStatus, sObject.result.status as actualStatus, expectedResult.expectedResult.conditionIndex as expectedConditionIndex, sObject.result.conditionIndex as actualConditionIndex, expectedResult.expectedResult.conditionText as expectedConditionText, sObject.result.conditionText as actualConditionText, expectedResult.expectedResult.runtimeError as expectedRuntimeError, sObject.result.runtimeError as actualRuntimeError FROM UNNEST(mock_ExpectedResult()) expectedResult LEFT JOIN ( SELECT `CA10A1__AWS_Security_Hubs__r`.arr AS CA10A1__AWS_Security_Hubs__r, `CA10__AWS_Account_Regions__r`.arr AS CA10__AWS_Account_Regions__r, sObject.Id AS Id, process_CA10__CaAwsAccount__c( STRUCT( `CA10A1__AWS_Security_Hubs__r`.arr AS CA10A1__AWS_Security_Hubs__r, `CA10__AWS_Account_Regions__r`.arr AS CA10__AWS_Account_Regions__r, sObject.Id AS Id ), sObject.context.snapshotTime ) as result FROM UNNEST(mock_CA10__CaAwsAccount__c()) AS sObject LEFT JOIN ( SELECT sObject.CA10A1__account__c, ARRAY_AGG( STRUCT( sObject.CA10A1__disappearanceTime__c AS CA10A1__disappearanceTime__c, sObject.CA10A1__account__c AS CA10A1__account__c, sObject.Id AS Id, process_CA10A1__AWS_Security_Hubs__r( STRUCT( sObject.CA10A1__disappearanceTime__c AS CA10A1__disappearanceTime__c, sObject.CA10A1__account__c AS CA10A1__account__c, sObject.Id AS Id ), sObject.context.snapshotTime ) as result ) ) AS arr FROM UNNEST(mock_CA10A1__CaAwsSecurityHub__c()) AS sObject GROUP BY sObject.CA10A1__account__c ) AS `CA10A1__AWS_Security_Hubs__r` ON sObject.Id = `CA10A1__AWS_Security_Hubs__r`.CA10A1__account__c LEFT JOIN ( SELECT sObject.CA10__account__c, ARRAY_AGG( STRUCT( sObject.CA10__status__c AS CA10__status__c, sObject.CA10__account__c AS CA10__account__c, sObject.Id AS Id, process_CA10__AWS_Account_Regions__r( STRUCT( sObject.CA10__status__c AS CA10__status__c, sObject.CA10__account__c AS CA10__account__c, sObject.Id AS Id ), sObject.context.snapshotTime ) as result ) ) AS arr FROM UNNEST(mock_CA10__CaAwsAccountRegion__c()) AS sObject GROUP BY sObject.CA10__account__c ) AS `CA10__AWS_Account_Regions__r` ON sObject.Id = `CA10__AWS_Account_Regions__r`.CA10__account__c ) sObject ON sObject.Id = expectedResult.Id;