From 4a15625bf9af8710175475c95dbb47f2e80f5fa4 Mon Sep 17 00:00:00 2001
From: Sergio Garcia <38561120+sergargar@users.noreply.github.com>
Date: Tue, 16 Jan 2024 13:41:08 +0100
Subject: [PATCH] chore(compliance): make SocType attribute general (#3287)
---
 prowler/compliance/aws/soc2_aws.json | 112 ++++++++++++-------------
 prowler/lib/check/compliance_models.py | 2 +-
 prowler/lib/outputs/compliance.py | 2 +-
 3 files changed, 58 insertions(+), 58 deletions(-)
diff --git a/prowler/compliance/aws/soc2_aws.json b/prowler/compliance/aws/soc2_aws.json
index 35e3e61f..860ede2a 100644
--- a/prowler/compliance/aws/soc2_aws.json
+++ b/prowler/compliance/aws/soc2_aws.json
@@ -13,7 +13,7 @@
 "ItemId": "cc_1_1",
 "Section": "CC1.0 - Common Criteria Related to Control Environment",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -27,7 +27,7 @@
 "ItemId": "cc_1_2",
 "Section": "CC1.0 - Common Criteria Related to Control Environment",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -41,7 +41,7 @@
 "ItemId": "cc_1_3",
 "Section": "CC1.0 - Common Criteria Related to Control Environment",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -62,7 +62,7 @@
 "ItemId": "cc_1_4",
 "Section": "CC1.0 - Common Criteria Related to Control Environment",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -76,7 +76,7 @@
 "ItemId": "cc_1_5",
 "Section": "CC1.0 - Common Criteria Related to Control Environment",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -90,7 +90,7 @@
 "ItemId": "cc_2_1",
 "Section": "CC2.0 - Common Criteria Related to Communication and Information",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -109,7 +109,7 @@
 "ItemId": "cc_2_2",
 "Section": "CC2.0 - Common Criteria Related to Communication and Information",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -123,7 +123,7 @@
 "ItemId": "cc_2_3",
 "Section": "CC2.0 - Common Criteria Related to Communication and Information",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -137,7 +137,7 @@
 "ItemId": "cc_3_1",
 "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -155,7 +155,7 @@
 "ItemId": "cc_3_2",
 "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -175,7 +175,7 @@
 "ItemId": "cc_3_3",
 "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -189,7 +189,7 @@
 "ItemId": "cc_3_4",
 "Section": "CC3.0 - Common Criteria Related to Risk Assessment",
 "Service": "config",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -205,7 +205,7 @@
 "ItemId": "cc_4_1",
 "Section": "CC4.0 - Monitoring Activities",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -219,7 +219,7 @@
 "ItemId": "cc_4_2",
 "Section": "CC4.0 - Monitoring Activities",
 "Service": "guardduty",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -236,7 +236,7 @@
 "ItemId": "cc_5_1",
 "Section": "CC5.0 - Control Activities",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -250,7 +250,7 @@
 "ItemId": "cc_5_2",
 "Section": "CC5.0 - Control Activities",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -264,7 +264,7 @@
 "ItemId": "cc_5_3",
 "Section": "CC5.0 - Control Activities",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -278,7 +278,7 @@
 "ItemId": "cc_6_1",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "s3",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -294,7 +294,7 @@
 "ItemId": "cc_6_2",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "rds",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -310,7 +310,7 @@
 "ItemId": "cc_6_3",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "iam",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -328,7 +328,7 @@
 "ItemId": "cc_6_4",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -342,7 +342,7 @@
 "ItemId": "cc_6_5",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -356,7 +356,7 @@
 "ItemId": "cc_6_6",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "ec2",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -372,7 +372,7 @@
 "ItemId": "cc_6_7",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "acm",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -388,7 +388,7 @@
 "ItemId": "cc_6_8",
 "Section": "CC6.0 - Logical and Physical Access",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -405,7 +405,7 @@
 "ItemId": "cc_7_1",
 "Section": "CC7.0 - System Operations",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -424,7 +424,7 @@
 "ItemId": "cc_7_2",
 "Section": "CC7.0 - System Operations",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -460,7 +460,7 @@
 "ItemId": "cc_7_3",
 "Section": "CC7.0 - System Operations",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -492,7 +492,7 @@
 "ItemId": "cc_7_4",
 "Section": "CC7.0 - System Operations",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -523,7 +523,7 @@
 "ItemId": "cc_7_5",
 "Section": "CC7.0 - System Operations",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -537,7 +537,7 @@
 "ItemId": "cc_8_1",
 "Section": "CC8.0 - Change Management",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -553,7 +553,7 @@
 "ItemId": "cc_9_1",
 "Section": "CC9.0 - Risk Mitigation",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -567,7 +567,7 @@
 "ItemId": "cc_9_2",
 "Section": "CC9.0 - Risk Mitigation",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -581,7 +581,7 @@
 "ItemId": "cc_a_1_1",
 "Section": "CCA1.0 - Additional Criterial for Availability",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -595,7 +595,7 @@
 "ItemId": "cc_a_1_2",
 "Section": "CCA1.0 - Additional Criterial for Availability",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -626,7 +626,7 @@
 "ItemId": "cc_a_1_3",
 "Section": "CCA1.0 - Additional Criterial for Availability",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -640,7 +640,7 @@
 "ItemId": "cc_c_1_1",
 "Section": "CCC1.0 - Additional Criterial for Confidentiality",
 "Service": "aws",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -656,7 +656,7 @@
 "ItemId": "cc_c_1_2",
 "Section": "CCC1.0 - Additional Criterial for Confidentiality",
 "Service": "s3",
- "Soc_Type": "automated"
+ "Type": "automated"
 }
 ],
 "Checks": [
@@ -672,7 +672,7 @@
 "ItemId": "p_1_1",
 "Section": "P1.0 - Privacy Criteria Related to Notice and Communication of Objectives Related to Privacy",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -686,7 +686,7 @@
 "ItemId": "p_2_1",
 "Section": "P2.0 - Privacy Criteria Related to Choice and Consent",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -700,7 +700,7 @@
 "ItemId": "p_3_1",
 "Section": "P3.0 - Privacy Criteria Related to Collection",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -714,7 +714,7 @@
 "ItemId": "p_3_2",
 "Section": "P3.0 - Privacy Criteria Related to Collection",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -728,7 +728,7 @@
 "ItemId": "p_4_1",
 "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -742,7 +742,7 @@
 "ItemId": "p_4_2",
 "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -756,7 +756,7 @@
 "ItemId": "p_4_3",
 "Section": "P4.0 - Privacy Criteria Related to Use, Retention, and Disposal",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -770,7 +770,7 @@
 "ItemId": "p_5_1",
 "Section": "P5.0 - Privacy Criteria Related to Access",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -784,7 +784,7 @@
 "ItemId": "p_5_2",
 "Section": "P5.0 - Privacy Criteria Related to Access",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -798,7 +798,7 @@
 "ItemId": "p_6_1",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -812,7 +812,7 @@
 "ItemId": "p_6_2",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -826,7 +826,7 @@
 "ItemId": "p_6_3",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -840,7 +840,7 @@
 "ItemId": "p_6_4",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -854,7 +854,7 @@
 "ItemId": "p_6_5",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -868,7 +868,7 @@
 "ItemId": "p_6_6",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -882,7 +882,7 @@
 "ItemId": "p_6_7",
 "Section": "P6.0 - Privacy Criteria Related to Disclosure and Notification",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -896,7 +896,7 @@
 "ItemId": "p_7_1",
 "Section": "P7.0 - Privacy Criteria Related to Quality",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
@@ -910,7 +910,7 @@
 "ItemId": "p_8_1",
 "Section": "P8.0 - Privacy Criteria Related to Monitoring and Enforcement",
 "Service": "aws",
- "Soc_Type": "manual"
+ "Type": "manual"
 }
 ],
 "Checks": []
diff --git a/prowler/lib/check/compliance_models.py b/prowler/lib/check/compliance_models.py
index 29c9e0ea..e01f6e8d 100644
--- a/prowler/lib/check/compliance_models.py
+++ b/prowler/lib/check/compliance_models.py
@@ -57,7 +57,7 @@ class Generic_Compliance_Requirement_Attribute(BaseModel):
 SubSection: Optional[str]
 SubGroup: Optional[str]
 Service: str
- Soc_Type: Optional[str]
+ Type: Optional[str]
 
 
 class CIS_Requirement_Attribute_Profile(str):
diff --git a/prowler/lib/outputs/compliance.py b/prowler/lib/outputs/compliance.py
index a24d40ea..47593c3b 100644
--- a/prowler/lib/outputs/compliance.py
+++ b/prowler/lib/outputs/compliance.py
@@ -330,7 +330,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
 Requirements_Attributes_SubSection=attribute.SubSection,
 Requirements_Attributes_SubGroup=attribute.SubGroup,
 Requirements_Attributes_Service=attribute.Service,
- Requirements_Attributes_Soc_Type=attribute.Soc_Type,
+ Requirements_Attributes_Type=attribute.Type,
 Status=finding.status,
 StatusExtended=finding.status_extended,
 ResourceId=finding.resource_id,
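Review bot: The keyword `Requirements_Attributes_Type=attribute.Type` renames a field of the compliance output record with no compatibility path, so any consumer that still looks for `Requirements_Attributes_Soc_Type` will silently stop finding the value. The model hunk in `compliance_models.py` has the mirror problem on input: `Type: Optional[str]` replaces `Soc_Type`, and if the model ignores unknown keys (pydantic's default; the model config is not visible here), a custom framework file that still carries `"Soc_Type"` would probably load with `Type` unset instead of failing. For an audit tool an empty attribute that looks valid is worse than a load error, so I would at least add a comment on the field such as `# renamed from Soc_Type in #3287; the legacy key is no longer read` and note the rename in the changelog, or map the old key to the new one before validation. The body of fill_compliance continues outside the hunk, so other uses of the attribute there could not be checked.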