Move from a single MozDef event containing all items in report_list to one event for each report in report_list
Move report from details key of audit_report to right into the root of details
Get rid of justified key in justification dict and instead only produce a justification dict if the issue is justified
Change `audit_issues`, which is a list of dicts, to `issues`, which is a list of numbered issues, each of which contains a dict
This changes how the CloudTrail watcher functions so that it now keeps track
of all CloudTrails configured in each region and across all regions. Some of
this change is driven by the addition of the [AWS support for multiple
CloudTrails in each region](https://aws.amazon.com/blogs/aws/aws-cloudtrail-update-turn-on-in-all-regions-use-multiple-trails/).
This change enables the watcher to detect when a region is missing a
CloudTrail which writes to the Mozilla CloudTrail bucket and to detect when no
CloudTrail is configured to record GlobalServiceEvents like IAM events. The
watcher communicates these missing CloudTrails by creating fake/phantom items
in Security Monkey for these missing CloudTrails for the auditor to notice.
This is not an ideal method but I haven't come up with something better yet.
This changes the MozDef event structure from a single JSON blob describing all changes and issues observed in a given account to multiple events, one for each "item" found by a "watcher", if that item has "issues". This allows for more granular searches in MozDef of the data.
This also disabled alerting via email, so all alerting now happens exclusively through MozDef.
This fixes the issue where publishing non-JSON-serializable objects to MozDef causes errors. This fix converts datetime objects to ISO-formatted dates.
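The event restructuring and datetime fix described above, sketched as an added example; this is not the project's own code. Only `report_list`, `details`, `audit_issues`, `issues`, `justification` and `justified` come from the description; the function names, the other field names, the sample data and the choice to key `issues` by number string are assumptions.

```python
import json
from datetime import datetime, timezone

def to_jsonable(obj):
    """json.dumps `default` hook: datetimes become ISO 8601 strings."""
    if isinstance(obj, datetime):
        return obj.isoformat()
    raise TypeError(f"{type(obj).__name__} is not JSON serializable")

def split_report(audit_report):
    """Yield one event per report in report_list that has issues."""
    for report in audit_report["report_list"]:
        raw_issues = report.get("audit_issues", [])
        if not raw_issues:
            continue  # an item without issues produces no event
        issues = {}
        for number, issue in enumerate(raw_issues, start=1):
            entry = {k: v for k, v in issue.items() if k != "justification"}
            just = issue.get("justification") or {}
            if just.get("justified"):
                # Keep the dict only when justified; the flag itself is dropped.
                entry["justification"] = {k: v for k, v in just.items() if k != "justified"}
            issues[str(number)] = entry  # assumption: keyed by issue number
        # Report fields sit directly in the root of details.
        details = {k: v for k, v in report.items() if k != "audit_issues"}
        details["issues"] = issues
        yield {"details": details}

def events_as_json(audit_report):
    """Serialize each event separately, as it would be published."""
    return [json.dumps(e, default=to_jsonable, sort_keys=True)
            for e in split_report(audit_report)]

# Constructed sample input; field names not in the description are hypothetical.
SAMPLE = {"report_list": [
    {"name": "trail-a", "technology": "cloudtrail",
     "date": datetime(2016, 1, 5, 12, 0, tzinfo=timezone.utc),
     "audit_issues": [
         {"issue": "no global service events", "score": 10,
          "justification": {"justified": False, "text": None}},
         {"issue": "wrong bucket", "score": 5,
          "justification": {"justified": True, "user": "alice", "text": "test trail"}},
     ]},
    {"name": "trail-b", "technology": "cloudtrail",
     "date": datetime(2016, 1, 5, 12, 0, tzinfo=timezone.utc), "audit_issues": []},
]}

if __name__ == "__main__":
    for line in events_as_json(SAMPLE):
        print(line)
```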