fix: revert asff arn and add documentation #2852

Merged
merged 6 commits into from Sep 14, 2022

AndrewCharlesHay
Contributor

@AndrewCharlesHay AndrewCharlesHay commented Sep 8, 2022

Description

This PR fixes the issues introduced in #2782. My understanding was that it was required to use the default ARN. This turns out not to be true. The PR fixes those issues and adds documentation for said issue as well as the required use of enable-import-findings-for-product.

Related PRs

Remove this section if you don't have related PRs.

Checklist

  • I've read the guidelines for contributing to this repository.
  • I've followed the conventions in the PR title.
  • I've updated the documentation with the relevant information (if needed).
  • I've added tests that prove my fix is effective or that my feature works.
  • I've added usage information (if the PR introduces new options)
  • I've included a "before" and "after" example to the description (if the PR is a user interface change).

@afdesk
Contributor

afdesk commented Sep 9, 2022

@AndrewCharlesHay it's my mistake too.
@knqyf263 was right (as usual)...
it seems we should use

"Product ARN": "arn:aws:securityhub:<REGION>::product/aquasecurity/aquasecurity"

because AWS Security Hub is already integrated with Aqua Cloud Native Security Platform:
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html

@AndrewCharlesHay
Contributor Author

AndrewCharlesHay commented Sep 9, 2022

> @AndrewCharlesHay it's my mistake too. @knqyf263 was right (as usual)... it seems we should use
>
> "Product ARN": "arn:aws:securityhub:<REGION>::product/aquasecurity/aquasecurity"
>
> because AWS Security Hub is already integrated with Aqua Cloud Native Security Platform: https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-partner-providers.html

I am guessing that they are using something other than the CLI command batch-import-findings to upload results. I am still trying to figure it out but when I changed it to that it gives me
An error occurred (AccessDeniedException) when calling the BatchImportFindings operation: User: arn:aws:sts::744824939882:assumed-role/gitlab_runner_profile/i-006e1ff0266d6b132 is not authorized to perform: securityhub:BatchImportFindings on resource: arn:aws:securityhub:us-east-2::product/aquasecurity/aquasecurity with an explicit deny

@AndrewCharlesHay
Contributor Author

In your defense of having the product name where it should be it is there for kube-bench

@AndrewCharlesHay AndrewCharlesHay changed the title fix: update arn with account id and product name fix: revert arn and add documentation Sep 9, 2022
@AndrewCharlesHay AndrewCharlesHay changed the title fix: revert arn and add documentation fix: revert asff arn and add documentation Sep 9, 2022
@AndrewCharlesHay
Contributor Author

Sorry yeah enable-import-findings-for-product was my issue 😓

@AndrewCharlesHay
Contributor Author

Sorry for the confusion @afdesk and @knqyf263

@knqyf263
Collaborator

> because AWS Security Hub is already integrated with Aqua Cloud Native Security Platform:

Yes, this is what I was concerned about 😄 @afdesk Could you review it at last?

@afdesk
Contributor

afdesk commented Sep 12, 2022

@AndrewCharlesHay could you change a description for this PR?
it doesn't look relevant
thanks a lot!

@AndrewCharlesHay
Contributor Author

AndrewCharlesHay commented Sep 12, 2022

> @AndrewCharlesHay could you change a description for this PR? it doesn't look relevant thanks a lot!

@afdesk
Updated it. Thanks!

@knqyf263 knqyf263 merged commit bb3220c into aquasecurity:main Sep 14, 2022
@AndrewCharlesHay AndrewCharlesHay deleted the fix/arn-update branch September 14, 2022 17:35