fix: update ProductArn with account id

[AndrewCharlesHay]

Description

Related issues

• Close Incorrect Product ARN #2781

Checklist

• I've read the guidelines for contributing to this repository.
• I've followed the conventions in the PR title.
• I've updated the documentation with the relevant information (if needed).
• I've added tests that prove my fix is effective or that my feature works.
• I've added usage information (if the PR introduces new options)
• I've included a "before" and "after" example to the description (if the PR is a user interface change).

[CLAassistant]

All committers have signed the CLA.

[CLAassistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[afdesk]

@AndrewCharlesHay thanks a lot for your efforts and your PR. It's really cool.

[AndrewCharlesHay]

@afdesk do you have approval permissions?

[afdesk]

approved. thanks

[knqyf263]

@AndrewCharlesHay I'm sorry, but CLA assistant seems to have an issue and all the signs were reset. Do you mind if I ask you to sign it again?

[AndrewCharlesHay]

@AndrewCharlesHay I'm sorry, but CLA assistant seems to have an issue and all the signs were reset. Do you mind if I ask you to sign it again?

@knqyf263 How do I sign it? I don't really know what that means

[AndrewCharlesHay]

I made both of those commits using the Github web vscode. It looks like the are signed. I don't know how I would sign it again

[AndrewCharlesHay]

Nevermind I think I got it. Should be good now I think

[AndrewCharlesHay]

@afdesk Sorry I added documentation I guess that made your approval expire. Could you reapprove when you get a chance please

[AndrewCharlesHay]

Thank you!! @afdesk

[AndrewCharlesHay]

@knqyf263 Is the signing good?

[AndrewCharlesHay]

@afdesk Are you able to merge this?

[afdesk]

@afdesk Are you able to merge this?

no, I have no permissions to merge

[knqyf263]

I'm not familiar with ASFF, but don't we need to keep it aquasecurity/aquasecurity?
https://github.com/aws-samples/aws-security-hub-scan-with-trivy/blob/49ca23f242603dd1b8043f22b670c5323d92b6da/sechub_parser.py#L74

[knqyf263]

I remember there is permission importing findings to Security Hub. Isn't the ProductArn relevant?

[afdesk]

@knqyf263 I took a loot at the documentation
https://docs.aws.amazon.com/service-authorization/latest/reference/list_awssecurityhub.html

and found next definition of resource type product:

arn:${Partition}:securityhub:${Region}:${Account}:product/${Company}/${ProductId}

[knqyf263]

@AndrewCharlesHay After you changed ProductArn, did you confirm the ASFF file could be imported into Security Hub?

[AndrewCharlesHay]

Yeah I have local version of this file with just the arn changed and I am able to upload to Security Hub

[AndrewCharlesHay]

It looks like that repo was abandoned in 2020 after it was made, but I made a PR ^ to be in line with these changes

[AndrewCharlesHay]

@knqyf263 and @afdesk Thank you! 🥳