--- policy: /ce/ca/aws/guardduty/detector-runtime-monitoring logic: /ce/ca/aws/guardduty/detector-runtime-monitoring/prod.logic.yaml executionTime: 2026-02-10T22:32:56.518658919Z generationMs: 57 executionMs: 729 rows: - id: test1 match: true status: expected: UNDETERMINED actual: UNDETERMINED conditionIndex: expected: 201 actual: 201 conditionText: expected: CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty() actual: CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty() runtimeError: {} - id: test2 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 299 actual: 299 conditionText: expected: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\\ 'EKS_RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'" actual: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'EKS_RUNTIME_MONITORING\\\ '].status | [0]') == 'ENABLED'" runtimeError: {} - id: test3 match: true status: expected: INCOMPLIANT actual: INCOMPLIANT conditionIndex: expected: 399 actual: 399 conditionText: expected: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\\ 'RUNTIME_MONITORING\\'].status | [0]') == 'DISABLED'" actual: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\\ '].status | [0]') == 'DISABLED'" runtimeError: {} - id: test4 match: true status: expected: COMPLIANT actual: COMPLIANT conditionIndex: expected: 499 actual: 499 conditionText: expected: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\\ 'RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'" actual: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\\ '].status | [0]') == 'ENABLED'" runtimeError: {} - id: test5 match: true status: expected: INAPPLICABLE actual: INAPPLICABLE conditionIndex: expected: 199 actual: 199 conditionText: expected: extract('CA10__status__c') != 'ENABLED' actual: extract('CA10__status__c') != 'ENABLED' runtimeError: {} 
usedFiles: - path: /ce/ca/aws/guardduty/detector-runtime-monitoring/policy.yaml md5Hash: 1B0FB308AF20BCB59D5A3136DBFDDE38 content: "---\nnames:\n full: \"AWS GuardDuty Detector Runtime Monitoring is\ \ not enabled\"\n contextual: \"Detector Runtime Monitoring is not enabled\"\ \ndescription: >\n Runtime Monitoring observes and analyzes operating system-level,\ \ networking, and \n file events to help you detect potential threats in specific\ \ AWS workloads in \n your environment.\ntype: \"COMPLIANCE_POLICY\"\ncategories:\n\ \ - \"SECURITY\"\nframeworkMappings:\n - \"/frameworks/cloudaware/resource-security/threat-protection\"\ \n - \"/frameworks/aws-fsbp-v1.0.0/guardduty/07\"\n - \"/frameworks/aws-fsbp-v1.0.0/guardduty/11\"\ \n - \"/frameworks/aws-fsbp-v1.0.0/guardduty/12\"\n - \"/frameworks/aws-fsbp-v1.0.0/guardduty/13\"\ \nsimilarPolicies:\n awsSecurityHub:\n - name: \"[GuardDuty.7] GuardDuty\ \ EKS Runtime Monitoring should be enabled\"\n url: \"https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-7\"\ \n - name: \"[GuardDuty.11] GuardDuty Runtime Monitoring should be enabled\"\ \n url: \"https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-11\"\ \n - name: \"[GuardDuty.12] GuardDuty ECS Runtime Monitoring should be enabled\"\ \n url: \"https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-12\"\ \n - name: \"[GuardDuty.13] GuardDuty EC2 Runtime Monitoring should be enabled\"\ \n url: \"https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-13\"\ \n" - path: /ce/ca/aws/guardduty/detector-runtime-monitoring/prod.logic.yaml md5Hash: 45081F95A3B7D8524407DDA6DD38856E content: "---\ninputType: \"CA10__CaAwsGuardDutyDetector__c\"\ntestData:\n -\ \ file: \"test-data.json\"\nimportExtracts:\n - file: \"/types/CA10__CaAwsGuardDutyDetector__c/object.extracts.yaml\"\ \nconditions:\n - status: \"INAPPLICABLE\"\n 
currentStateMessage: \"This\ \ GuardDuty detector is not enabled.\"\n check:\n NOT_EQUAL:\n \ \ left:\n EXTRACT: \"CA10__status__c\"\n right:\n \ \ TEXT: \"ENABLED\"\n - status: \"INCOMPLIANT\"\n currentStateMessage:\ \ \"EKS Runtime Monitoring is enabled for this detector.\"\n remediationMessage:\ \ \"Migrate from EKS Runtime Monitoring to Runtime Monitoring.\"\n check:\n\ \ IS_EQUAL:\n left:\n JSON_QUERY_TEXT:\n expression:\ \ \"[?name=='EKS_RUNTIME_MONITORING'].status | [0]\" \n arg:\n \ \ EXTRACT: \"caJsonFrom__featuresJson__c\"\n undeterminedIf:\n\ \ evaluationError: \"Json query text has failed.\"\n \ \ resultTypeMismatch: \"Json query text did not return text type.\"\n \ \ right:\n TEXT: \"ENABLED\"\n - status: \"INCOMPLIANT\"\n \ \ currentStateMessage: \"Runtime Monitoring is not enabled for this detector.\"\ \n remediationMessage: \"Enable Runtime Monitoring to monitor runtime events.\"\ \n check:\n IS_EQUAL:\n left:\n JSON_QUERY_TEXT:\n \ \ expression: \"[?name=='RUNTIME_MONITORING'].status | [0]\" \n \ \ arg:\n EXTRACT: \"caJsonFrom__featuresJson__c\"\n \ \ undeterminedIf:\n evaluationError: \"Json query text\ \ has failed.\"\n resultTypeMismatch: \"Json query text did not\ \ return text type.\"\n right:\n TEXT: \"DISABLED\"\n - status:\ \ \"COMPLIANT\"\n currentStateMessage: \"Runtime Monitoring is enabled for\ \ this detector.\"\n check:\n IS_EQUAL:\n left:\n JSON_QUERY_TEXT:\n\ \ expression: \"[?name=='RUNTIME_MONITORING'].status | [0]\" \n \ \ arg:\n EXTRACT: \"caJsonFrom__featuresJson__c\"\n \ \ undeterminedIf:\n evaluationError: \"Json query text\ \ has failed.\"\n resultTypeMismatch: \"Json query text did not\ \ return text type.\"\n right:\n TEXT: \"ENABLED\"\notherwise:\n\ \ status: \"UNDETERMINED\"\n currentStateMessage: \"Unexpected values in the\ \ field.\"\n" - path: /ce/ca/aws/guardduty/detector-runtime-monitoring/test-data.json md5Hash: AEB24C1DE62AEE6776AC444BFBF0738B content: |- [ { "expectedResult": { "status": "UNDETERMINED", 
"conditionIndex": "201", "conditionText": "CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty()", "runtimeError": null }, "context": { "snapshotTime": "2025-10-27T23:40:39Z" }, "CA10__disappearanceTime__c": null, "CA10__status__c": "ENABLED", "CA10__featuresJson__c": "", "Id": "test1" }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "299", "conditionText": "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'EKS_RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'", "runtimeError": null }, "context": { "snapshotTime": "2025-10-27T23:40:39Z" }, "CA10__disappearanceTime__c": null, "CA10__status__c": "ENABLED", "CA10__featuresJson__c": "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RDS_LOGIN_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":175935346
8,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id": "test2" }, { "expectedResult": { "status": "INCOMPLIANT", "conditionIndex": "399", "conditionText": "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]') == 'DISABLED'", "runtimeError": null }, "context": { "snapshotTime": "2025-10-27T23:40:39Z" }, "CA10__disappearanceTime__c": null, "CA10__status__c": "ENABLED", "CA10__featuresJson__c": 
"[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iB
ase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id": "test3" }, { "expectedResult": { "status": "COMPLIANT", "conditionIndex": "499", "conditionText": "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'", "runtimeError": null }, "context": { "snapshotTime": "2025-10-27T23:40:39Z" }, "CA10__disappearanceTime__c": null, "CA10__status__c": "ENABLED", "CA10__featuresJson__c": "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\
"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id": "test4" }, { "expectedResult": { "status": "INAPPLICABLE", "conditionIndex": "199", "conditionText": "extract('CA10__status__c') != 'ENABLED'", "runtimeError": null }, "context": { "snapshotTime": "2025-10-27T23:40:39Z" }, "CA10__disappearanceTime__c": null, "CA10__status__c": "DISABLED", "CA10__featuresJson__c": "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RDS_LOGIN_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additional
Configuration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id": "test5" } ] - path: /types/CA10__CaAwsGuardDutyDetector__c/object.extracts.yaml md5Hash: 8B76173EB0902B7F969958A52EDB9AD5 content: |- --- extracts: # Values: ENABLED | DISABLED. Not Nullable. - name: "CA10__status__c" value: FIELD: path: "CA10__status__c" undeterminedIf: noAccessDelegate: path: "CA10__status__c" currentStateMessage: "The status cannot be empty. Possible permission issue with guardduty:GetDetector." - name: "CA10__dataSourcesJson__c" value: FIELD: path: "CA10__dataSourcesJson__c" undeterminedIf: noAccessDelegate: path: "CA10__dataSourcesJson__c" currentStateMessage: "The Data Sources cannot be empty. Possible permission issue with guardduty:GetDetector." - name: "caJsonFrom__dataSourcesJson__c" value: JSON_FROM: arg: EXTRACT: "CA10__dataSourcesJson__c" undeterminedIf: isInvalid: "The Data Sources JSON is invalid." 
- name: "CA10__featuresJson__c" value: FIELD: path: "CA10__featuresJson__c" undeterminedIf: noAccessDelegate: path: "CA10__featuresJson__c" currentStateMessage: "The Features cannot be empty. Possible permission issue with guardduty:GetDetector." - name: "caJsonFrom__featuresJson__c" value: JSON_FROM: arg: EXTRACT: "CA10__featuresJson__c" undeterminedIf: isInvalid: "The Data Sources JSON is invalid." script: |- CREATE TEMP FUNCTION mock_ExpectedResult() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "Id" : "test1", "expectedResult" : { "status" : "UNDETERMINED", "conditionIndex" : "201", "conditionText" : "CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty()", "runtimeError" : null } }, { "Id" : "test2", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "299", "conditionText" : "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'EKS_RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'", "runtimeError" : null } }, { "Id" : "test3", "expectedResult" : { "status" : "INCOMPLIANT", "conditionIndex" : "399", "conditionText" : "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]') == 'DISABLED'", "runtimeError" : null } }, { "Id" : "test4", "expectedResult" : { "status" : "COMPLIANT", "conditionIndex" : "499", "conditionText" : "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'", "runtimeError" : null } }, { "Id" : "test5", "expectedResult" : { "status" : "INAPPLICABLE", "conditionIndex" : "199", "conditionText" : "extract('CA10__status__c') != 'ENABLED'", "runtimeError" : null } } ]; """; CREATE TEMP FUNCTION mock_CA10__CaAwsGuardDutyDetector__c() RETURNS ARRAY >> DETERMINISTIC LANGUAGE js AS r""" return [ { "context" : { "snapshotTime" : new Date("2025-10-27T23:40:39Z") }, "CA10__status__c" : "ENABLED", "CA10__featuresJson__c" : "", "Id" : "test1" }, { "context" : { "snapshotTime" : new 
Date("2025-10-27T23:40:39Z") }, "CA10__status__c" : "ENABLED", "CA10__featuresJson__c" : "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RDS_LOGIN_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\
"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id" : "test2" }, { "context" : { "snapshotTime" : new Date("2025-10-27T23:40:39Z") }, "CA10__status__c" : "ENABLED", "CA10__featuresJson__c" : "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"E
KS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id" : "test3" }, { "context" : { "snapshotTime" : new Date("2025-10-27T23:40:39Z") }, "CA10__status__c" : "ENABLED", "CA10__featuresJson__c" : "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561334,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\
":\"RUNTIME_MONITORING\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1748550108,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id" : "test4" }, { "context" : { "snapshotTime" : new Date("2025-10-27T23:40:39Z") }, "CA10__status__c" : "DISABLED", "CA10__featuresJson__c" : "[{\"name\":\"CLOUD_TRAIL\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"DNS_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"FLOW_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1761561357,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"S3_DATA_EVENTS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_AUDIT_LOGS\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EBS_MALWARE_PROTECTION\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RDS_LOGIN_EVENTS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EKS_RUNTIME_MONITORING\",\"status\":\"ENABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalCo
nfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]},{\"name\":\"LAMBDA_NETWORK_LOGS\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353481,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"RUNTIME_MONITORING\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}},\"additionalConfiguration\":[{\"name\":\"EKS_ADDON_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"ECS_FARGATE_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}},{\"name\":\"EC2_AGENT_MANAGEMENT\",\"status\":\"DISABLED\",\"updatedAt\":{\"iMillis\":1759353468,\"iChronology\":{\"iBase\":{\"iMinDaysInFirstWeek\":4}}}}]}]", "Id" : "test5" } ]; """; CREATE TEMP FUNCTION process_CA10__CaAwsGuardDutyDetector__c( obj STRUCT< CA10__disappearanceTime__c TIMESTAMP, CA10__status__c STRING, CA10__featuresJson__c STRING, Id STRING >, snapshotTime TIMESTAMP ) RETURNS STRUCT DETERMINISTIC LANGUAGE js OPTIONS (library=['gs://compliance-platform-public/jmespath.min.js']) AS r""" var BytesLib = new function () { this.normalize = function(arg) { return arg == null ? 
'' : arg; }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var TextLib = new function () { this.normalize = function(arg) { return arg == null ? 
'' : arg.replace(/\s+/g, ' ').trim().toLowerCase(); }; this.isEmpty = function(arg) { return this.normalize(arg) == ''; }; this.isNotEmpty = function(arg) { return this.normalize(arg) != ''; }; this.equal = function(left, right) { return this.normalize(left) == this.normalize(right); }; this.notEqual = function(left, right) { return this.normalize(left) != this.normalize(right); }; this.startsWith = function(arg, substring) { return this.normalize(arg).startsWith(this.normalize(substring)); }; this.endsWith = function(arg, substring) { return this.normalize(arg).endsWith(this.normalize(substring)); }; this.contains = function(arg, substring) { return this.normalize(arg).includes(this.normalize(substring)); }; this.containsAll = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.every(sub => normalizedArg.includes(this.normalize(sub))); }; this.containsAny = function(arg, substrings) { if (substrings == null || substrings.length === 0) return false; let normalizedArg = this.normalize(arg); return substrings.some(sub => normalizedArg.includes(this.normalize(sub))); }; }(); var references1 = []; // condition[0], conditionIndex:[0..99] references1.push('Deleted From AWS [CA10__disappearanceTime__c]: ' + obj.CA10__disappearanceTime__c); if (obj.CA10__disappearanceTime__c != null) { return {status: 'DISAPPEARED', conditionIndex: 99, conditionText: "isDisappeared(CA10__disappearanceTime__c)", currentStateMessage: "Object is deleted in the source", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } // condition[1], conditionIndex:[100..199] function fieldChecked4() { if (TextLib.isEmpty(obj.CA10__status__c)) { throw new Error("UNDETERMINED condition:101", {cause: {status: 'UNDETERMINED', conditionIndex: 101, conditionText: "CA10__status__c.delegatedTo(CA10__status__c).isEmpty()", currentStateMessage: "The status cannot be empty. 
Possible permission issue with guardduty:GetDetector.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__status__c; } function extract3() { if (!this.out) { this.out = fieldChecked4(); } return this.out; }; references1.push('Status [obj.CA10__status__c]: ' + obj.CA10__status__c); try { if (TextLib.notEqual(extract3.call(extract3), 'ENABLED')) { return {status: 'INAPPLICABLE', conditionIndex: 199, conditionText: "extract('CA10__status__c') != 'ENABLED'", currentStateMessage: "This GuardDuty detector is not enabled.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } // condition[2], conditionIndex:[200..299] function jsonQueryChecked5() { var input = extract7.call(extract7); var out; try { out = jmespath.search(input, '[?name==\'EKS_RUNTIME_MONITORING\'].status | [0]'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:203", {cause: {status: 'UNDETERMINED', conditionIndex: 203, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'EKS_RUNTIME_MONITORING\\'].status | [0]').isResultTypeMismatch()", currentStateMessage: "Json query text did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:204", {cause: {status: 'UNDETERMINED', conditionIndex: 204, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'EKS_RUNTIME_MONITORING\\'].status | [0]').isEvaluationFailed()", currentStateMessage: "Json query text has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked8() { var input = extract10.call(extract10); input = TextLib.isEmpty(input) ? 
null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:202", {cause: {status: 'UNDETERMINED', conditionIndex: 202, conditionText: "extract('CA10__featuresJson__c').asJson().isInvalid()", currentStateMessage: "The Data Sources JSON is invalid.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function fieldChecked11() { if (BytesLib.isEmpty(obj.CA10__featuresJson__c)) { throw new Error("UNDETERMINED condition:201", {cause: {status: 'UNDETERMINED', conditionIndex: 201, conditionText: "CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty()", currentStateMessage: "The Features cannot be empty. Possible permission issue with guardduty:GetDetector.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__featuresJson__c; } function extract10() { if (!this.out) { this.out = fieldChecked11(); } return this.out; }; function extract7() { if (!this.out) { this.out = jsonChecked8(); } return this.out; }; references1.push('Features JSON [obj.CA10__featuresJson__c]: ' + obj.CA10__featuresJson__c); try { if (TextLib.equal(jsonQueryChecked5(), 'ENABLED')) { return {status: 'INCOMPLIANT', conditionIndex: 299, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'EKS_RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'", currentStateMessage: "EKS Runtime Monitoring is enabled for this detector.", currentStateReferences: references1.join('\n'), remediation: "Migrate from EKS Runtime Monitoring to Runtime Monitoring.", runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } // condition[3], conditionIndex:[300..399] function jsonQueryChecked12() { var input = extract14.call(extract14); var out; try { out = jmespath.search(input, '[?name==\'RUNTIME_MONITORING\'].status | [0]'); if (out != null && typeof out != 'string') { 
throw new Error("UNDETERMINED condition:303", {cause: {status: 'UNDETERMINED', conditionIndex: 303, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]').isResultTypeMismatch()", currentStateMessage: "Json query text did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:304", {cause: {status: 'UNDETERMINED', conditionIndex: 304, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]').isEvaluationFailed()", currentStateMessage: "Json query text has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function jsonChecked15() { var input = extract17.call(extract17); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:302", {cause: {status: 'UNDETERMINED', conditionIndex: 302, conditionText: "extract('CA10__featuresJson__c').asJson().isInvalid()", currentStateMessage: "The Data Sources JSON is invalid.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function fieldChecked18() { if (BytesLib.isEmpty(obj.CA10__featuresJson__c)) { throw new Error("UNDETERMINED condition:301", {cause: {status: 'UNDETERMINED', conditionIndex: 301, conditionText: "CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty()", currentStateMessage: "The Features cannot be empty. 
Possible permission issue with guardduty:GetDetector.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__featuresJson__c; } function extract17() { if (!this.out) { this.out = fieldChecked18(); } return this.out; }; function extract14() { if (!this.out) { this.out = jsonChecked15(); } return this.out; }; try { if (TextLib.equal(jsonQueryChecked12(), 'DISABLED')) { return {status: 'INCOMPLIANT', conditionIndex: 399, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]') == 'DISABLED'", currentStateMessage: "Runtime Monitoring is not enabled for this detector.", currentStateReferences: references1.join('\n'), remediation: "Enable Runtime Monitoring to monitor runtime events.", runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } // condition[4], conditionIndex:[400..499] function jsonQueryChecked19() { var input = extract21.call(extract21); var out; try { out = jmespath.search(input, '[?name==\'RUNTIME_MONITORING\'].status | [0]'); if (out != null && typeof out != 'string') { throw new Error("UNDETERMINED condition:403", {cause: {status: 'UNDETERMINED', conditionIndex: 403, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]').isResultTypeMismatch()", currentStateMessage: "Json query text did not return text type.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } } catch (e) { throw new Error("UNDETERMINED condition:404", {cause: {status: 'UNDETERMINED', conditionIndex: 404, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]').isEvaluationFailed()", currentStateMessage: "Json query text has failed.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } 
function jsonChecked22() { var input = extract24.call(extract24); input = TextLib.isEmpty(input) ? null : input; var out; try { out = JSON.parse(input); } catch (e) { throw new Error("UNDETERMINED condition:402", {cause: {status: 'UNDETERMINED', conditionIndex: 402, conditionText: "extract('CA10__featuresJson__c').asJson().isInvalid()", currentStateMessage: "The Data Sources JSON is invalid.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: e.message}}); } return out; } function fieldChecked25() { if (BytesLib.isEmpty(obj.CA10__featuresJson__c)) { throw new Error("UNDETERMINED condition:401", {cause: {status: 'UNDETERMINED', conditionIndex: 401, conditionText: "CA10__featuresJson__c.delegatedTo(CA10__featuresJson__c).isEmpty()", currentStateMessage: "The Features cannot be empty. Possible permission issue with guardduty:GetDetector.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}}); } return obj.CA10__featuresJson__c; } function extract24() { if (!this.out) { this.out = fieldChecked25(); } return this.out; }; function extract21() { if (!this.out) { this.out = jsonChecked22(); } return this.out; }; try { if (TextLib.equal(jsonQueryChecked19(), 'ENABLED')) { return {status: 'COMPLIANT', conditionIndex: 499, conditionText: "extract('caJsonFrom__featuresJson__c').jsonQueryText('[?name==\\'RUNTIME_MONITORING\\'].status | [0]') == 'ENABLED'", currentStateMessage: "Runtime Monitoring is enabled for this detector.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; } } catch (err) { if (err.cause && err.cause.status) { return err.cause; } else { throw err; } } return {status: 'UNDETERMINED', conditionIndex: 500, conditionText: "otherwise", currentStateMessage: "Unexpected values in the field.", currentStateReferences: references1.join('\n'), remediation: null, runtimeError: null}; """;

-- Test report: one row per expected result, paired with the verdict that
-- process_CA10__CaAwsGuardDutyDetector__c returned for the mock detector
-- carrying the same Id.
--
-- NOTE(review): NULLs are folded to a sentinel ('' or -1) before comparing, and
-- the LEFT JOIN keeps expected rows that have no evaluated object (every actual
-- field is then NULL). An expectation whose four compared fields are all NULL
-- would therefore still report "MATCH" although nothing was evaluated; read
-- actualStatus alongside match when auditing a policy test run.
WITH evaluated AS (
    -- Run the policy function once per mock detector, passing the snapshot time
    -- taken from the mock's context.
    SELECT
        detector.CA10__disappearanceTime__c AS CA10__disappearanceTime__c,
        detector.CA10__status__c AS CA10__status__c,
        detector.CA10__featuresJson__c AS CA10__featuresJson__c,
        detector.Id AS Id,
        process_CA10__CaAwsGuardDutyDetector__c(
            STRUCT(
                detector.CA10__disappearanceTime__c AS CA10__disappearanceTime__c,
                detector.CA10__status__c AS CA10__status__c,
                detector.CA10__featuresJson__c AS CA10__featuresJson__c,
                detector.Id AS Id
            ),
            detector.context.snapshotTime
        ) AS result
    FROM UNNEST(mock_CA10__CaAwsGuardDutyDetector__c()) AS detector
)
SELECT
    expected.Id AS Id,
    -- "MATCH" only when status, condition index, condition text and runtime
    -- error all agree after NULL folding.
    CASE
        WHEN COALESCE(expected.expectedResult.status, '') = COALESCE(actual.result.status, '')
            AND COALESCE(expected.expectedResult.conditionIndex, -1) = COALESCE(actual.result.conditionIndex, -1)
            AND COALESCE(expected.expectedResult.conditionText, '') = COALESCE(actual.result.conditionText, '')
            AND COALESCE(expected.expectedResult.runtimeError, '') = COALESCE(actual.result.runtimeError, '')
        THEN "MATCH"
        ELSE "FAIL"
    END AS match,
    expected.expectedResult.status AS expectedStatus,
    actual.result.status AS actualStatus,
    expected.expectedResult.conditionIndex AS expectedConditionIndex,
    actual.result.conditionIndex AS actualConditionIndex,
    expected.expectedResult.conditionText AS expectedConditionText,
    actual.result.conditionText AS actualConditionText,
    expected.expectedResult.runtimeError AS expectedRuntimeError,
    actual.result.runtimeError AS actualRuntimeError
FROM UNNEST(mock_ExpectedResult()) AS expected
LEFT JOIN evaluated AS actual
    ON actual.Id = expected.Id;