feat(new_check): cloudwatch_log_group_no_secrets_in_logs (#1980)

Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
Co-authored-by: Pepe Fagoaga <pepe@verica.io>
Co-authored-by: Jeffrey Souza <JeffreySouza@users.noreply.github.com>

prowler/lib/utils/utils.py

@@ -1,10 +1,15 @@
 import json
+import os
 import sys
+import tempfile
 from hashlib import sha512
 from io import TextIOWrapper
 from os.path import exists
 from typing import Any
 
+from detect_secrets import SecretsCollection
+from detect_secrets.settings import default_settings
+
 from prowler.lib.logger import logger
 
 
@@ -49,3 +54,20 @@ def file_exists(filename: str):
 # create sha512 hash for string
 def hash_sha512(string: str) -> str:
     return sha512(string.encode("utf-8")).hexdigest()[0:9]
+
+
+def detect_secrets_scan(data):
+    temp_data_file = tempfile.NamedTemporaryFile(delete=False)
+    temp_data_file.write(bytes(data, encoding="raw_unicode_escape"))
+    temp_data_file.close()
+
+    secrets = SecretsCollection()
+    with default_settings():
+        secrets.scan_file(temp_data_file.name)
+    os.remove(temp_data_file.name)
+
+    detect_secrets_output = secrets.json()
+    if detect_secrets_output:
+        return detect_secrets_output[temp_data_file.name]
+    else:
+        return None

prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.metadata.json

@@ -0,0 +1,39 @@
+{
+  "Provider": "aws",
+  "CheckID": "cloudwatch_log_group_no_secrets_in_logs",
+  "CheckTitle": "Check if secrets exists in CloudWatch logs.",
+  "CheckType": [
+    "Protect",
+    "Secure development"
+  ],
+  "ServiceName": "cloudwatch",
+  "SubServiceName": "",
+  "ResourceIdTemplate": "arn:partition:cloudwatch:region:account-id:log-group/resource-id",
+  "Severity": "medium",
+  "ResourceType": "AwsCloudTrailLogGroup",
+  "Description": "Check if secrets exists in CloudWatch logs",
+  "Risk": "Storing sensitive data in CloudWatch logs could allow an attacker with read-only access to escalate their privileges or gain unauthorised access to systems.",
+  "RelatedUrl": "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudwatch-alarms-for-cloudtrail.html",
+  "Remediation": {
+    "Code": {
+      "CLI": "",
+      "NativeIaC": "",
+      "Other": "",
+      "Terraform": ""
+    },
+    "Recommendation": {
+      "Text": "It is recommended that sensitive information is not logged to CloudWatch logs. Alternatively, sensitive data may be masked using a protection policy",
+      "Url": "https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/mask-sensitive-log-data.html"
+    }
+  },
+  "Categories": [
+    "secrets"
+  ],
+  "Tags": {
+    "Tag1Key": "value",
+    "Tag2Key": "value"
+  },
+  "DependsOn": [],
+  "RelatedTo": [],
+  "Notes": ""
+}

prowler/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs.py

@@ -0,0 +1,102 @@
+from json import dumps, loads
+
+from prowler.lib.check.models import Check, Check_Report_AWS
+from prowler.lib.utils.utils import detect_secrets_scan
+from prowler.providers.aws.services.cloudwatch.cloudwatch_service import (
+    convert_to_cloudwatch_timestamp_format,
+)
+from prowler.providers.aws.services.cloudwatch.logs_client import logs_client
+
+
+class cloudwatch_log_group_no_secrets_in_logs(Check):
+    def execute(self):
+        findings = []
+        for log_group in logs_client.log_groups:
+            report = Check_Report_AWS(self.metadata())
+            report.status = "PASS"
+            report.status_extended = f"No secrets found in {log_group.name} log group."
+            report.region = log_group.region
+            report.resource_id = log_group.name
+            report.resource_arn = log_group.arn
+            log_group_secrets = []
+            if log_group.log_streams:
+                for log_stream_name in log_group.log_streams:
+                    log_stream_secrets = {}
+                    log_stream_data = "\n".join(
+                        [
+                            dumps(event["message"])
+                            for event in log_group.log_streams[log_stream_name]
+                        ]
+                    )
+                    log_stream_secrets_output = detect_secrets_scan(log_stream_data)
+
+                    if log_stream_secrets_output:
+                        for secret in log_stream_secrets_output:
+                            flagged_event = log_group.log_streams[log_stream_name][
+                                secret["line_number"] - 1
+                            ]
+                            cloudwatch_timestamp = (
+                                convert_to_cloudwatch_timestamp_format(
+                                    flagged_event["timestamp"]
+                                )
+                            )
+                            if cloudwatch_timestamp not in log_stream_secrets.keys():
+                                log_stream_secrets[cloudwatch_timestamp] = SecretsDict()
+
+                            try:
+                                log_event_data = dumps(
+                                    loads(flagged_event["message"]), indent=2
+                                )
+                            except Exception:
+                                log_event_data = dumps(
+                                    flagged_event["message"], indent=2
+                                )
+                            if len(log_event_data.split("\n")) > 1:
+                                # Can get more informative output if there is more than 1 line.
+                                # Will rescan just this event to get the type of secret and the line number
+                                event_detect_secrets_output = detect_secrets_scan(
+                                    log_event_data
+                                )
+                                for secret in event_detect_secrets_output:
+                                    log_stream_secrets[cloudwatch_timestamp].add_secret(
+                                        secret["line_number"], secret["type"]
+                                    )
+                            else:
+                                log_stream_secrets[cloudwatch_timestamp].add_secret(
+                                    1, secret["type"]
+                                )
+                    if log_stream_secrets:
+                        secrets_string = "; ".join(
+                            [
+                                f"at {timestamp} - {log_stream_secrets[timestamp].to_string()}"
+                                for timestamp in log_stream_secrets
+                            ]
+                        )
+                        log_group_secrets.append(
+                            f"in log stream {log_stream_name} {secrets_string}"
+                        )
+            if log_group_secrets:
+                secrets_string = "; ".join(log_group_secrets)
+                report.status = "FAIL"
+                report.status_extended = f"Potential secrets found in log group {log_group.name} {secrets_string}"
+            findings.append(report)
+        return findings
+
+
+class SecretsDict(dict):
+    # Using this dict to remove duplicates of the secret type showing up multiple times on the same line
+    # Also includes the to_string method
+    def add_secret(self, line_number, secret_type):
+        if line_number not in self.keys():
+            self[line_number] = [secret_type]
+        else:
+            if secret_type not in self[line_number]:
+                self[line_number] += [secret_type]
+
+    def to_string(self):
+        return ", ".join(
+            [
+                f"{', '.join(secret_types)} on line {line_number}"
+                for line_number, secret_types in sorted(self.items())
+            ]
+        )

prowler/providers/aws/services/cloudwatch/cloudwatch_service.py

@@ -1,4 +1,5 @@
 import threading
+from datetime import datetime, timezone
 from typing import Optional
 
 from pydantic import BaseModel
@@ -93,6 +94,14 @@ class Logs:
         self.log_groups = []
         self.__threading_call__(self.__describe_metric_filters__)
         self.__threading_call__(self.__describe_log_groups__)
+        if (
+            "cloudwatch_log_group_no_secrets_in_logs"
+            in audit_info.audit_metadata.expected_checks
+        ):
+            self.events_per_log_group_threshold = (
+                1000  # The threshold for number of events to return per log group.
+            )
+            self.__threading_call__(self.__get_log_events__)
         self.__list_tags_for_resource__()
 
     def __get_session__(self):
@@ -108,7 +117,7 @@ class Logs:
             t.join()
 
     def __describe_metric_filters__(self, regional_client):
-        logger.info("CloudWatch Logs- Describing metric filters...")
+        logger.info("CloudWatch Logs - Describing metric filters...")
         try:
             describe_metric_filters_paginator = regional_client.get_paginator(
                 "describe_metric_filters"
@@ -133,7 +142,7 @@ class Logs:
             )
 
     def __describe_log_groups__(self, regional_client):
-        logger.info("CloudWatch Logs- Describing log groups...")
+        logger.info("CloudWatch Logs - Describing log groups...")
         try:
             describe_log_groups_paginator = regional_client.get_paginator(
                 "describe_log_groups"
@@ -163,6 +172,38 @@ class Logs:
                 f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
             )
 
+    def __get_log_events__(self, regional_client):
+        regional_log_groups = [
+            log_group
+            for log_group in self.log_groups
+            if log_group.region == regional_client.region
+        ]
+        total_log_groups = len(regional_log_groups)
+        logger.info(
+            f"CloudWatch Logs - Retrieving log events for {total_log_groups} log groups in {regional_client.region}..."
+        )
+        try:
+            for count, log_group in enumerate(regional_log_groups, start=1):
+                events = regional_client.filter_log_events(
+                    logGroupName=log_group.name,
+                    limit=self.events_per_log_group_threshold,
+                )["events"]
+                for event in events:
+                    if event["logStreamName"] not in log_group.log_streams:
+                        log_group.log_streams[event["logStreamName"]] = []
+                    log_group.log_streams[event["logStreamName"]].append(event)
+                if count % 10 == 0:
+                    logger.info(
+                        f"CloudWatch Logs - Retrieved log events for {count}/{total_log_groups} log groups in {regional_client.region}..."
+                    )
+        except Exception as error:
+            logger.error(
+                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
+            )
+        logger.info(
+            f"CloudWatch Logs - Finished retrieving log events in {regional_client.region}..."
+        )
+
     def __list_tags_for_resource__(self):
         logger.info("CloudWatch Logs - List Tags...")
         try:
@@ -201,4 +242,24 @@ class LogGroup(BaseModel):
     retention_days: int
     kms_id: Optional[str]
     region: str
+    log_streams: dict[
+        str, list[str]
+    ] = {}  # Log stream name as the key, array of events as the value
     tags: Optional[list] = []
+
+
+def convert_to_cloudwatch_timestamp_format(epoch_time):
+    date_time = datetime.fromtimestamp(
+        epoch_time / 1000, datetime.now(timezone.utc).astimezone().tzinfo
+    )
+    datetime_str = date_time.strftime(
+        "%Y-%m-%dT%H:%M:%S.!%f!%z"
+    )  # use exclamation marks as placeholders to convert datetime str to cloudwatch timestamp str
+    datetime_parts = datetime_str.split("!")
+    return (
+        datetime_parts[0]
+        + datetime_parts[1][:-3]
+        + datetime_parts[2][:-2]
+        + ":"
+        + datetime_parts[2][-2:]
+    )  # Removes the microseconds, and places a ':' character in the timezone offset

tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_cross_account_sharing_disabled/cloudwatch_cross_account_sharing_disabled_test.py

@@ -11,8 +11,16 @@ class Test_cloudwatch_cross_account_sharing_disabled:
     def test_cloudwatch_without_cross_account_role(self):
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.iam.iam_service import IAM
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client",
@@ -44,8 +52,16 @@ class Test_cloudwatch_cross_account_sharing_disabled:
         )
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.iam.iam_service import IAM
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_cross_account_sharing_disabled.cloudwatch_cross_account_sharing_disabled.iam_client",

tests/providers/aws/services/cloudwatch/cloudwatch_log_group_kms_encryption_enabled/cloudwatch_log_group_kms_encryption_enabled_test.py

@@ -10,8 +10,16 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
     def test_cloudwatch_no_log_groups(self):
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client",
@@ -37,8 +45,16 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
         )
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client",
@@ -68,8 +84,16 @@ class Test_cloudwatch_log_group_kms_encryption_enabled:
         logs_client.create_log_group(logGroupName="test", kmsKeyId="test_kms_id")
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_kms_encryption_enabled.cloudwatch_log_group_kms_encryption_enabled.logs_client",

tests/providers/aws/services/cloudwatch/cloudwatch_log_group_no_secrets_in_logs/cloudwatch_log_group_no_secrets_in_logs_test.py

@@ -0,0 +1,129 @@
+from re import search
+from unittest import mock
+
+from boto3 import client
+from moto import mock_logs
+from moto.core.utils import unix_time_millis
+
+AWS_REGION = "us-east-1"
+
+
+class Test_cloudwatch_log_group_no_secrets_in_logs:
+    def test_cloudwatch_no_log_groups(self):
+        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+        from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
+
+        current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
+
+        with mock.patch(
+            "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
+            new=Logs(current_audit_info),
+        ):
+            # Test Check
+            from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs import (
+                cloudwatch_log_group_no_secrets_in_logs,
+            )
+
+            check = cloudwatch_log_group_no_secrets_in_logs()
+            result = check.execute()
+
+            assert len(result) == 0
+
+    @mock_logs
+    def test_cloudwatch_log_group_without_secrets(self):
+        # Generate Logs Client
+        logs_client = client("logs", region_name=AWS_REGION)
+        # Request Logs group
+        logs_client.create_log_group(logGroupName="test")
+        logs_client.create_log_stream(logGroupName="test", logStreamName="test stream")
+        logs_client.put_log_events(
+            logGroupName="test",
+            logStreamName="test stream",
+            logEvents=[{"timestamp": 0, "message": "line"}],
+        )
+        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+        from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
+
+        current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
+
+        with mock.patch(
+            "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
+            new=Logs(current_audit_info),
+        ):
+            # Test Check
+            from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs import (
+                cloudwatch_log_group_no_secrets_in_logs,
+            )
+
+            check = cloudwatch_log_group_no_secrets_in_logs()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "PASS"
+            assert result[0].status_extended == "No secrets found in test log group."
+            assert result[0].resource_id == "test"
+
+    @mock_logs
+    def test_cloudwatch_log_group_with_secrets(self):
+        # Generate Logs Client
+        logs_client = client("logs", region_name=AWS_REGION)
+        # Request Logs group
+        logs_client.create_log_group(logGroupName="test")
+        logs_client.create_log_stream(logGroupName="test", logStreamName="test stream")
+        logs_client.put_log_events(
+            logGroupName="test",
+            logStreamName="test stream",
+            logEvents=[
+                {
+                    "timestamp": int(unix_time_millis()),
+                    "message": "password = password123",
+                }
+            ],
+        )
+        from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
+        from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
+
+        current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
+
+        with mock.patch(
+            "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs.logs_client",
+            new=Logs(current_audit_info),
+        ):
+            # Test Check
+            from prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_no_secrets_in_logs.cloudwatch_log_group_no_secrets_in_logs import (
+                cloudwatch_log_group_no_secrets_in_logs,
+            )
+
+            check = cloudwatch_log_group_no_secrets_in_logs()
+            result = check.execute()
+
+            assert len(result) == 1
+            assert result[0].status == "FAIL"
+            assert search(
+                "Potential secrets found in log group", result[0].status_extended
+            )
+            assert result[0].resource_id == "test"

tests/providers/aws/services/cloudwatch/cloudwatch_log_group_retention_policy_specific_days_enabled/cloudwatch_log_group_retention_policy_specific_days_enabled_test.py

@@ -10,8 +10,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
     def test_cloudwatch_no_log_groups(self):
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
@@ -37,8 +45,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
         )
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
@@ -71,8 +87,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
         logs_client.put_retention_policy(logGroupName="test", retentionInDays=400)
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",
@@ -105,8 +129,16 @@ class Test_cloudwatch_log_group_retention_policy_specific_days_enabled:
         logs_client.put_retention_policy(logGroupName="test", retentionInDays=7)
         from prowler.providers.aws.lib.audit_info.audit_info import current_audit_info
         from prowler.providers.aws.services.cloudwatch.cloudwatch_service import Logs
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
 
         with mock.patch(
             "prowler.providers.aws.services.cloudwatch.cloudwatch_log_group_retention_policy_specific_days_enabled.cloudwatch_log_group_retention_policy_specific_days_enabled.logs_client",

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -66,8 +74,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -121,8 +137,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -188,8 +212,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -267,8 +299,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -346,8 +386,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -66,8 +74,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -121,8 +137,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -188,8 +212,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -267,8 +299,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -346,8 +386,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_aws_organizations_changes:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk/cloudwatch_log_metric_filter_disable_or_scheduled_deletion_of_kms_cmk_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -66,8 +74,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -121,8 +137,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -188,8 +212,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -267,8 +299,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -346,8 +386,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls_test.py

@@ -17,8 +17,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -64,8 +72,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -117,8 +133,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -182,8 +206,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -259,8 +291,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )
@@ -336,8 +376,16 @@ class Test_cloudwatch_log_metric_filter_unauthorized_api_calls:
             CloudWatch,
             Logs,
         )
+        from prowler.providers.common.models import Audit_Metadata
 
         current_audit_info.audited_partition = "aws"
+        current_audit_info.audit_metadata = Audit_Metadata(
+            services_scanned=0,
+            # We need to set this check to call __describe_log_groups__
+            expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+            completed_checks=0,
+            audit_progress=0,
+        )
         from prowler.providers.aws.services.cloudtrail.cloudtrail_client import (
             Cloudtrail,
         )

tests/providers/aws/services/cloudwatch/cloudwatch_service_test.py

@@ -3,6 +3,7 @@ from moto import mock_cloudwatch
 
 from prowler.providers.aws.lib.audit_info.models import AWS_Audit_Info
 from prowler.providers.aws.services.cloudwatch.cloudwatch_service import CloudWatch
+from prowler.providers.common.models import Audit_Metadata
 
 AWS_ACCOUNT_NUMBER = 123456789012
 AWS_REGION = "us-east-1"
@@ -29,6 +30,13 @@ class Test_CloudWatch_Service:
             audited_regions=None,
             organizations_metadata=None,
             audit_resources=None,
+            audit_metadata=Audit_Metadata(
+                services_scanned=0,
+                # We need to set this check to call __describe_log_groups__
+                expected_checks=["cloudwatch_log_group_no_secrets_in_logs"],
+                completed_checks=0,
+                audit_progress=0,
+            ),
         )
         return audit_info