fix(cloudtrail): improve cloudtrail_cloudwatch_logging_enabled status extended (#1813)

Co-authored-by: sergargar <sergio@verica.io>
2026-02-10 14:55:00 +00:00 · 2023-02-01 14:08:11 +01:00
parent 89aab4acd5
commit 360c6f3c1c
2 changed files with 8 additions and 8 deletions
--- a/prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.py
+++ b/prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.py
@@ -38,9 +38,9 @@ class cloudtrail_cloudwatch_logging_enabled(Check):
                else:
                    report.status = "FAIL"
                    if trail.is_multiregion:
-                        report.status_extended = f"Multiregion trail {trail.name} is not configured to deliver logs"
+                        report.status_extended = f"Multiregion trail {trail.name} is not logging in the last 24h or not configured to deliver logs"
                    else:
-                        report.status_extended = f"Single region trail {trail.name} is not configured to deliver logs"
+                        report.status_extended = f"Single region trail {trail.name} is not logging in the last 24h or not configured to deliver logs"
                findings.append(report)
        return findings
--- a/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py
+++ b/tests/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled_test.py
@@ -220,15 +220,15 @@ class Test_cloudtrail_cloudwatch_logging_enabled:
                    assert report.resource_id == trail_name_us
                    assert report.resource_arn == trail_us["TrailARN"]
                    assert report.status == "PASS"
-                    assert search(
+                    assert (
-                        report.status_extended,
+                        report.status_extended
-                        f"Single region trail {trail_name_us} has been logging the last 24h",
+                        == f"Single region trail {trail_name_us} has been logging the last 24h"
                    )
                if report.resource_id == trail_name_eu:
                    assert report.resource_id == trail_name_eu
                    assert report.resource_arn == trail_eu["TrailARN"]
                    assert report.status == "FAIL"
-                    assert search(
+                    assert (
-                        report.status_extended,
+                        report.status_extended
-                        f"Single region trail {trail_name_eu} is not configured to deliver logs",
+                        == f"Single region trail {trail_name_eu} is not logging in the last 24h or not configured to deliver logs"
                    )