amazon-archives/aws-security-benchmark

CIS-3.10-SecurityGroupChanges failed in AWS but passed here

azhurbilo opened this issue · 0 comments

Previously, when I set the pattern described in the guide, the CIS score PASSED:

pattern        = "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }"

But when I add an additional filter for the terraform user, the CIS score FAILED in the AWS console:

pattern        = "{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) || ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) || ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) && ($.userIdentity.userName NOT EXISTS || $.userIdentity.userName != \"terraform\") }"

But running "python aws-cis-foundation-benchmark-checklist.py" shows that 3.10 Passed.

Where can I find the real CIS score algorithms?
Can I extend the rule pattern to filter out false positives?
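As an added illustration (my own code, not the repository's checker or anything AWS publishes) of why the second pattern may not do what was intended regardless of how it is scored: a small evaluator for the subset of CloudWatch Logs filter syntax used above, run against constructed CloudTrail-like records. It assumes `&&` binds tighter than `||` when the OR chain is not parenthesized, as in most expression grammars (AWS's precedence rule is not stated on this page); the pattern is shortened to two event names, and the full six-event chain behaves the same way.

```python
import re
# Tokens of the CloudWatch Logs JSON filter subset used in the issue's patterns.
TOKEN = re.compile(r'\s*(\$\.[\w.]+|"[^"]*"|!=|=|\|\||&&|[(){}]|[\w-]+)')
MISSING = object()          # marks a JSON path that is absent from the record

def parse(toks):
    # expr := term ('||' term)*; term := factor ('&&' factor)*; assumes && binds tighter than || (AWS precedence not on this page)
    def take(expect=None):
        tok = toks.pop(0) if toks else None
        assert expect is None or tok == expect, f"expected {expect!r}, got {tok!r}"
        return tok
    def expr():
        node = term()
        while toks and toks[0] == '||':
            take(); node = ('or', node, term())
        return node
    def term():
        node = factor()
        while toks and toks[0] == '&&':
            take(); node = ('and', node, factor())
        return node
    def factor():
        if toks and toks[0] == '(':
            take(); node = expr(); take(')'); return node
        path, op = take()[2:].split('.'), take()      # '$.userIdentity.userName' -> key list
        if op == 'NOT':
            take('EXISTS'); return ('notexists', path)
        return ('exists', path) if op == 'EXISTS' else (op, path, take().strip('"'))
    take('{'); node = expr(); take('}'); return node

def evaluate(node, event):
    kind = node[0]
    if kind in ('or', 'and'):
        left, right = evaluate(node[1], event), evaluate(node[2], event)
        return (left or right) if kind == 'or' else (left and right)
    val = event
    for key in node[1]:                               # walk the JSON path; MISSING if absent
        val = val.get(key, MISSING) if isinstance(val, dict) else MISSING
    if kind in ('exists', 'notexists'): return (val is not MISSING) == (kind == 'exists')
    return val is not MISSING and ((str(val) == node[2]) == (kind == '='))

def matches(pattern, event):
    return evaluate(parse([m.group(1) for m in TOKEN.finditer(pattern)]), event)

# Constructed: the issue's second pattern cut to two events, and the same text with the OR chain grouped.
EXCLUDE = '&& ($.userIdentity.userName NOT EXISTS || $.userIdentity.userName != "terraform") }'
AS_WRITTEN = '{ ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = DeleteSecurityGroup) ' + EXCLUDE
GROUPED = '{ (($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = DeleteSecurityGroup)) ' + EXCLUDE
TF_AUTHORIZE = {"eventName": "AuthorizeSecurityGroupIngress", "userIdentity": {"userName": "terraform"}}  # constructed
ROLE_DELETE = {"eventName": "DeleteSecurityGroup", "userIdentity": {"type": "AssumedRole"}}               # constructed
```

With the pattern as written, a terraform-initiated AuthorizeSecurityGroupIngress still matches because the exclusion only attaches to the last DeleteSecurityGroup clause; wrapping the whole OR chain in parentheses before the `&&` excludes terraform for every event while still alerting on changes made by other identities.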