feat(shub_compatibility): send finding to filter regions and change checkType to list (#1341)
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_administrator_access_with_mfa",
|
||||
"CheckTitle": "Ensure users of groups with AdministratorAccess policy have MFA tokens enabled",
|
||||
"CheckType": "Infrastructure Security",
|
||||
"CheckType": ["Infrastructure Security"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_avoid_root_usage",
|
||||
"CheckTitle": "Avoid the use of the root accounts",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
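Review bot: The new `CheckType` list for `iam_avoid_root_usage` splits one slash-separated type path into three separate elements, which changes its meaning rather than just its container type. If these values are passed through as the Security Hub finding `Types`, as the commit title suggests, ASFF expects each element to be a full `namespace/category/classifier` string whose namespace is one of a fixed set, so `"Industry and Regulatory Standards"` and `"CIS AWS Foundations Benchmark"` on their own would not be valid entries. Keeping the path intact inside the list avoids that: `"CheckType": ["Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark"],`. The same split appears in every later metadata section that carries the CIS path (`iam_no_root_access_key` through `iam_user_two_active_access_key`), and `["Infrastructure Security"]` in the `iam_administrator_access_with_mfa` section likewise does not start with an ASFF namespace. The stray `" ,"` spacing before the third element is also worth normalising while these lines are being touched.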
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_disable_30_days_credentials",
|
||||
"CheckTitle": "Ensure credentials unused for 30 days or greater are disabled",
|
||||
"CheckType": "Software and Configuration Checks",
|
||||
"CheckType": ["Software and Configuration Checks"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Categories": [],
|
||||
"CheckID": "iam_disable_90_days_credentials",
|
||||
"CheckTitle": "Ensure credentials unused for 90 days or greater are disabled",
|
||||
"CheckType": "Software and Configuration Checks",
|
||||
"CheckType": ["Software and Configuration Checks"],
|
||||
"Compliance": [
|
||||
{
|
||||
"Control": [
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_no_root_access_key",
|
||||
"CheckTitle": "Ensure no root account access key exists",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam-password-policy-expires-passwords-within-90-days-or-less",
|
||||
"CheckTitle": "Ensure IAM password policy expires passwords within 90 days or less",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_policy_allows_privilege_escalation",
|
||||
"CheckTitle": "Ensure no Customer Managed IAM policies allow actions that may lead into Privilege Escalation",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_root_hardware_mfa_enabled",
|
||||
"CheckTitle": "Ensure hardware MFA is enabled for the root account",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_root_mfa_enabled",
|
||||
"CheckTitle": "Ensure MFA is enabled for the root account",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_rotate_access_key_90_days",
|
||||
"CheckTitle": "Ensure access keys are rotated every 90 days or less",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@ import csv
|
||||
from dataclasses import dataclass
|
||||
|
||||
from lib.logger import logger
|
||||
from providers.aws.aws_provider import current_audit_info
|
||||
from providers.aws.aws_provider import current_audit_info, get_region_global_service
|
||||
|
||||
|
||||
################## IAM
|
||||
@@ -12,7 +12,7 @@ class IAM:
|
||||
self.session = audit_info.audit_session
|
||||
self.account = audit_info.audited_account
|
||||
self.client = self.session.client(self.service)
|
||||
self.region = audit_info.profile_region
|
||||
self.region = get_region_global_service(audit_info)
|
||||
self.users = self.__get_users__()
|
||||
self.roles = self.__get_roles__()
|
||||
self.account_summary = self.__get_account_summary__()
|
||||
|
||||
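Review bot: In `IAM.__init__`, `self.region` is now set from `get_region_global_service(audit_info)`, but the client on the line above it is still built with `self.session.client(self.service)` and no region argument, so the attribute no longer necessarily names the region the API calls use. That looks intentional for a global service, but nothing in the hunk says so; a comment such as `# IAM is global: self.region only labels findings for region filtering, the client is not bound to it` would keep a later reader from "fixing" one side to match the other. The helper's body is not visible here, so it is worth confirming what it returns when no audit regions are selected, since a missing or unexpected region on IAM findings could cause them to be filtered out downstream. The constructor starts before this hunk and continues after it.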
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_user_hardware_mfa_enabled",
|
||||
"CheckTitle": "Check if IAM users have Hardware MFA enabled.",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_user_mfa_enabled_console_access",
|
||||
"CheckTitle": "Ensure multi-factor authentication (MFA) is enabled for all IAM users that have a console password.",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
"Provider": "aws",
|
||||
"CheckID": "iam_user_two_active_access_key",
|
||||
"CheckTitle": "Check if IAM users have two active access keys",
|
||||
"CheckType": "Software and Configuration Checks/Industry and Regulatory Standards/CIS AWS Foundations Benchmark",
|
||||
"CheckType": ["Software and Configuration Checks", "Industry and Regulatory Standards" ,"CIS AWS Foundations Benchmark"],
|
||||
"ServiceName": "iam",
|
||||
"SubServiceName": "",
|
||||
"ResourceIdTemplate": "arn:partition:service:region:account-id:resource-id",
|
||||
|
||||