diff --git a/prowler/lib/check/check.py b/prowler/lib/check/check.py index 22b945cd..947b7284 100644 --- a/prowler/lib/check/check.py +++ b/prowler/lib/check/check.py @@ -290,7 +290,7 @@ def import_check(check_path: str) -> ModuleType: def run_check(check: Check, output_options: Provider_Output_Options) -> list: findings = [] - if output_options.verbose or output_options.is_quiet: + if output_options.verbose: print( f"\nCheck ID: {check.CheckID} - {Fore.MAGENTA}{check.ServiceName}{Fore.YELLOW} [{check.Severity}]{Style.RESET_ALL}" ) diff --git a/prowler/lib/cli/parser.py b/prowler/lib/cli/parser.py index b25ea22d..da912b3c 100644 --- a/prowler/lib/cli/parser.py +++ b/prowler/lib/cli/parser.py @@ -102,7 +102,7 @@ Detailed documentation at https://docs.prowler.cloud "-q", "--quiet", action="store_true", - help="Show only Prowler failed findings", + help="Store or send only Prowler failed findings", ) common_outputs_parser.add_argument( "-M", diff --git a/prowler/lib/outputs/outputs.py b/prowler/lib/outputs/outputs.py index 480521b2..bd0ee259 100644 --- a/prowler/lib/outputs/outputs.py +++ b/prowler/lib/outputs/outputs.py @@ -32,11 +32,7 @@ def stdout_report(finding, color, verbose, is_quiet): if finding.check_metadata.Provider == "azure": details = finding.check_metadata.ServiceName - if is_quiet and "FAIL" in finding.status: - print( - f"\t{color}{finding.status}{Style.RESET_ALL} {details}: {finding.status_extended}" - ) - elif not is_quiet and verbose: + if verbose: print( f"\t{color}{finding.status}{Style.RESET_ALL} {details}: {finding.status_extended}" ) @@ -82,76 +78,81 @@ def report(check_findings, output_options, audit_info): ) if file_descriptors: - # AWS specific outputs - if finding.check_metadata.Provider == "aws": - if ( - "ens_rd2022_aws" in output_options.output_modes - or "cis" in str(output_options.output_modes) - ): - fill_compliance( - output_options, finding, audit_info, file_descriptors + # Check if --quiet to only add fails to outputs + if not (finding.status != "FAIL" and output_options.is_quiet): + # AWS specific outputs + if finding.check_metadata.Provider == "aws": + if ( + "ens_rd2022_aws" in output_options.output_modes + or "cis" in str(output_options.output_modes) + ): + fill_compliance( + output_options, + finding, + audit_info, + file_descriptors, + ) + + if "html" in file_descriptors: + fill_html(file_descriptors["html"], finding) + file_descriptors["html"].write("") + + if "json-asff" in file_descriptors: + finding_output = Check_Output_JSON_ASFF() + fill_json_asff(finding_output, audit_info, finding) + + json.dump( + finding_output.dict(), + file_descriptors["json-asff"], + indent=4, + ) + file_descriptors["json-asff"].write(",") + + # Check if it is needed to send findings to security hub + if ( + output_options.security_hub_enabled + and finding.status != "INFO" + ): + send_to_security_hub( + output_options.is_quiet, + finding.status, + finding.region, + finding_output, + audit_info.audit_session, + ) + + # Common outputs + if "csv" in file_descriptors: + csv_writer, finding_output = generate_provider_output_csv( + finding.check_metadata.Provider, + finding, + audit_info, + "csv", + file_descriptors["csv"], ) + csv_writer.writerow(finding_output.__dict__) - if "html" in file_descriptors: - fill_html(file_descriptors["html"], finding) - file_descriptors["html"].write("") - - if "json-asff" in file_descriptors: - finding_output = Check_Output_JSON_ASFF() - fill_json_asff(finding_output, audit_info, finding) - + if "json" in file_descriptors: + finding_output = generate_provider_output_json( + finding.check_metadata.Provider, + finding, + audit_info, + "json", + file_descriptors["json"], + ) json.dump( finding_output.dict(), - file_descriptors["json-asff"], + file_descriptors["json"], indent=4, ) - file_descriptors["json-asff"].write(",") - - # Check if it is needed to send findings to security hub - if ( - output_options.security_hub_enabled - and finding.status != "INFO" - ): - send_to_security_hub( - output_options.is_quiet, - finding.status, - finding.region, - finding_output, - audit_info.audit_session, - ) - - # Common outputs - if "csv" in file_descriptors: - csv_writer, finding_output = generate_provider_output_csv( - finding.check_metadata.Provider, - finding, - audit_info, - "csv", - file_descriptors["csv"], - ) - csv_writer.writerow(finding_output.__dict__) - - if "json" in file_descriptors: - finding_output = generate_provider_output_json( - finding.check_metadata.Provider, - finding, - audit_info, - "json", - file_descriptors["json"], - ) - json.dump( - finding_output.dict(), - file_descriptors["json"], - indent=4, - ) - file_descriptors["json"].write(",") + file_descriptors["json"].write(",") else: # No service resources in the whole account color = set_report_color("INFO") - if not output_options.is_quiet and output_options.verbose: + if output_options.verbose: print(f"\t{color}INFO{Style.RESET_ALL} There are no resources") # Separator between findings and bar - if output_options.is_quiet or output_options.verbose: + if output_options.verbose: print() if file_descriptors: # Close all file descriptors