feat(compliance): add ISO27001 compliance framework (#2517)
Co-authored-by: Sergio Garcia <sergargar1@gmail.com>
1273
prowler/compliance/aws/iso27001_aws.json
Normal file
1273
prowler/compliance/aws/iso27001_aws.json
Normal file
@@ -105,6 +105,16 @@ class AWS_Well_Architected_Requirements(BaseModel):
|
|||||||
ImplementationGuidanceUrl: str
|
ImplementationGuidanceUrl: str
|
||||||
|
|
||||||
|
|
||||||
|
# ISO27001 Requirements
|
||||||
|
class ISO27001_Requirements(BaseModel):
|
||||||
|
"""ISO27001 Requirements"""
|
||||||
|
|
||||||
|
Category: str
|
||||||
|
Objetive_ID: str
|
||||||
|
Objetive_Name: str
|
||||||
|
Check_Summary: str
|
||||||
|
|
||||||
|
|
||||||
# Base Compliance Model
|
# Base Compliance Model
|
||||||
class Compliance_Requirement(BaseModel):
|
class Compliance_Requirement(BaseModel):
|
||||||
"""Compliance_Requirement holds the base model for every requirement within a compliance framework"""
|
"""Compliance_Requirement holds the base model for every requirement within a compliance framework"""
|
||||||
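Review bot: The new attribute names `Objetive_ID` and `Objetive_Name` in ISO27001_Requirements misspell "Objective"; they are presumably bound to the keys of the added prowler/compliance/aws/iso27001_aws.json and are echoed as `Requirements_Attributes_Objetive_ID` / `Requirements_Attributes_Objetive_Name` in the Check_Output_CSV_AWS_ISO27001 model added in the last hunk of this commit, so the typo becomes a column header in every ISO27001 report and a compatibility constraint once consumers parse it. Renaming to `Objective_ID` / `Objective_Name` in the JSON, this model and the output model before release is cheap; afterwards it is a breaking change to the CSV format. The Compliance_Requirement context lines at the end of the hunk are unchanged and its body continues outside the hunk.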
@@ -117,6 +127,7 @@ class Compliance_Requirement(BaseModel):
|
|||||||
CIS_Requirements,
|
CIS_Requirements,
|
||||||
ENS_Requirements,
|
ENS_Requirements,
|
||||||
Generic_Compliance_Requirements,
|
Generic_Compliance_Requirements,
|
||||||
|
ISO27001_Requirements,
|
||||||
AWS_Well_Architected_Requirements,
|
AWS_Well_Architected_Requirements,
|
||||||
]
|
]
|
||||||
]
|
]
|
||||||
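Review bot: `ISO27001_Requirements` is appended after `Generic_Compliance_Requirements` in what looks like the Union of attribute models for Compliance_Requirement (the hunk header names that class); if this is a pydantic v1 Union, members are tried left to right and the first that validates wins, so an ISO27001 attribute block could be coerced into an earlier, more permissive model and its Category / Objetive_* / Check_Summary fields silently discarded. This is worth pinning with a test that loads iso27001_aws.json and asserts `isinstance(attr, ISO27001_Requirements)` for the parsed attributes; if it fails, move the stricter model earlier in the list or give the models a discriminating field. The enclosing definition starts outside this hunk.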
|
|||||||
@@ -258,7 +258,7 @@ Detailed documentation at https://docs.prowler.cloud
|
|||||||
list_group.add_argument(
|
list_group.add_argument(
|
||||||
"--list-compliance-requirements",
|
"--list-compliance-requirements",
|
||||||
nargs="+",
|
nargs="+",
|
||||||
help="List compliance requirements for a given requirement",
|
help="List compliance requirements for a given compliance framework",
|
||||||
choices=available_compliance_frameworks,
|
choices=available_compliance_frameworks,
|
||||||
)
|
)
|
||||||
list_group.add_argument(
|
list_group.add_argument(
|
||||||
|
|||||||
@@ -8,6 +8,7 @@ from prowler.config.config import orange_color, timestamp
|
|||||||
from prowler.lib.check.models import Check_Report
|
from prowler.lib.check.models import Check_Report
|
||||||
from prowler.lib.logger import logger
|
from prowler.lib.logger import logger
|
||||||
from prowler.lib.outputs.models import (
|
from prowler.lib.outputs.models import (
|
||||||
|
Check_Output_CSV_AWS_ISO27001,
|
||||||
Check_Output_CSV_AWS_Well_Architected,
|
Check_Output_CSV_AWS_Well_Architected,
|
||||||
Check_Output_CSV_CIS,
|
Check_Output_CSV_CIS,
|
||||||
Check_Output_CSV_ENS_RD2022,
|
Check_Output_CSV_ENS_RD2022,
|
||||||
@@ -159,6 +160,40 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
|
|||||||
|
|
||||||
csv_header = generate_csv_fields(Check_Output_CSV_AWS_Well_Architected)
|
csv_header = generate_csv_fields(Check_Output_CSV_AWS_Well_Architected)
|
||||||
|
|
||||||
|
elif compliance.Framework == "ISO27001" and compliance.Provider == "AWS":
|
||||||
|
compliance_output = compliance.Framework
|
||||||
|
if compliance.Version != "":
|
||||||
|
compliance_output += "_" + compliance.Version
|
||||||
|
if compliance.Provider != "":
|
||||||
|
compliance_output += "_" + compliance.Provider
|
||||||
|
|
||||||
|
compliance_output = compliance_output.lower().replace("-", "_")
|
||||||
|
if compliance_output in output_options.output_modes:
|
||||||
|
for requirement in compliance.Requirements:
|
||||||
|
requirement_description = requirement.Description
|
||||||
|
requirement_id = requirement.Id
|
||||||
|
requirement.Name
|
||||||
|
for attribute in requirement.Attributes:
|
||||||
|
compliance_row = Check_Output_CSV_AWS_ISO27001(
|
||||||
|
Provider=finding.check_metadata.Provider,
|
||||||
|
Description=compliance.Description,
|
||||||
|
AccountId=audit_info.audited_account,
|
||||||
|
Region=finding.region,
|
||||||
|
AssessmentDate=timestamp.isoformat(),
|
||||||
|
Requirements_Id=requirement_id,
|
||||||
|
Requirements_Description=requirement_description,
|
||||||
|
Requirements_Attributes_Category=attribute.Category,
|
||||||
|
Requirements_Attributes_Objetive_ID=attribute.Objetive_ID,
|
||||||
|
Requirements_Attributes_Objetive_Name=attribute.Objetive_Name,
|
||||||
|
Requirements_Attributes_Check_Summary=attribute.Check_Summary,
|
||||||
|
Status=finding.status,
|
||||||
|
StatusExtended=finding.status_extended,
|
||||||
|
ResourceId=finding.resource_id,
|
||||||
|
CheckId=finding.check_metadata.CheckID,
|
||||||
|
)
|
||||||
|
|
||||||
|
csv_header = generate_csv_fields(Check_Output_CSV_AWS_ISO27001)
|
||||||
|
|
||||||
else:
|
else:
|
||||||
compliance_output = compliance.Framework
|
compliance_output = compliance.Framework
|
||||||
if compliance.Version != "":
|
if compliance.Version != "":
|
||||||
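Review bot: The new ISO27001 branch passes `Requirements_Id=requirement_id` and `Requirements_Description=requirement_description` to Check_Output_CSV_AWS_ISO27001, but the model added in the last hunk of this commit declares neither field, so if these are pydantic models (as the BaseModel base suggests) the default extra-field handling silently drops both values and the requirement id and description never reach the CSV, while a config that forbids extras would raise instead; the model should gain `Requirements_Id: str` and `Requirements_Description: str`, or the two kwargs should be removed if the omission is intended. `requirement.Name` on its own line is a bare expression statement with no effect and should be deleted or bound and emitted like the other requirement fields. The Framework/Version/Provider normalisation into `compliance_output` is repeated verbatim from the `else` branch visible at the bottom of the hunk; hoisting it above the framework if/elif chain would leave each branch building only its row type. fill_compliance begins and ends outside this hunk, and its second hunk below is a pure reformat.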
@@ -191,9 +226,7 @@ def fill_compliance(output_options, finding, audit_info, file_descriptors):
|
|||||||
CheckId=finding.check_metadata.CheckID,
|
CheckId=finding.check_metadata.CheckID,
|
||||||
)
|
)
|
||||||
|
|
||||||
csv_header = generate_csv_fields(
|
csv_header = generate_csv_fields(Check_Output_CSV_Generic_Compliance)
|
||||||
Check_Output_CSV_Generic_Compliance
|
|
||||||
)
|
|
||||||
|
|
||||||
if compliance_row:
|
if compliance_row:
|
||||||
csv_writer = DictWriter(
|
csv_writer = DictWriter(
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ from prowler.lib.outputs.html import add_html_header
|
|||||||
from prowler.lib.outputs.models import (
|
from prowler.lib.outputs.models import (
|
||||||
Aws_Check_Output_CSV,
|
Aws_Check_Output_CSV,
|
||||||
Azure_Check_Output_CSV,
|
Azure_Check_Output_CSV,
|
||||||
|
Check_Output_CSV_AWS_ISO27001,
|
||||||
Check_Output_CSV_AWS_Well_Architected,
|
Check_Output_CSV_AWS_Well_Architected,
|
||||||
Check_Output_CSV_CIS,
|
Check_Output_CSV_CIS,
|
||||||
Check_Output_CSV_ENS_RD2022,
|
Check_Output_CSV_ENS_RD2022,
|
||||||
@@ -163,6 +164,16 @@ def fill_file_descriptors(output_modes, output_directory, output_filename, audit
|
|||||||
)
|
)
|
||||||
file_descriptors.update({output_mode: file_descriptor})
|
file_descriptors.update({output_mode: file_descriptor})
|
||||||
|
|
||||||
|
elif output_mode == "iso27001_aws":
|
||||||
|
filename = f"{output_directory}/{output_filename}_iso27001_aws{csv_file_suffix}"
|
||||||
|
file_descriptor = initialize_file_descriptor(
|
||||||
|
filename,
|
||||||
|
output_mode,
|
||||||
|
audit_info,
|
||||||
|
Check_Output_CSV_AWS_ISO27001,
|
||||||
|
)
|
||||||
|
file_descriptors.update({output_mode: file_descriptor})
|
||||||
|
|
||||||
else:
|
else:
|
||||||
# Generic Compliance framework
|
# Generic Compliance framework
|
||||||
filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
|
filename = f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"
|
||||||
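Review bot: The filename in the new `iso27001_aws` branch hardcodes the mode string, `filename = f"{output_directory}/{output_filename}_iso27001_aws{csv_file_suffix}"`, although `output_mode` already equals "iso27001_aws" inside this branch and the generic `else` branch directly below builds the identical path from `{output_mode}`; writing `f"{output_directory}/{output_filename}_{output_mode}{csv_file_suffix}"` here keeps the two in step if the mode name ever changes. Since the branch then differs from the generic one only in the model class handed to initialize_file_descriptor, a small mode-to-model mapping consulted before the chain would avoid adding an elif per framework. fill_file_descriptors begins and ends outside this hunk.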
|
|||||||
@@ -588,6 +588,26 @@ class Check_Output_CSV_AWS_Well_Architected(BaseModel):
|
|||||||
CheckId: str
|
CheckId: str
|
||||||
|
|
||||||
|
|
||||||
|
class Check_Output_CSV_AWS_ISO27001(BaseModel):
|
||||||
|
"""
|
||||||
|
Check_Output_CSV_AWS_ISO27001 generates a finding's output in CSV AWS ISO27001 Compliance format.
|
||||||
|
"""
|
||||||
|
|
||||||
|
Provider: str
|
||||||
|
Description: str
|
||||||
|
AccountId: str
|
||||||
|
Region: str
|
||||||
|
AssessmentDate: str
|
||||||
|
Requirements_Attributes_Category: str
|
||||||
|
Requirements_Attributes_Objetive_ID: str
|
||||||
|
Requirements_Attributes_Objetive_Name: str
|
||||||
|
Requirements_Attributes_Check_Summary: str
|
||||||
|
Status: str
|
||||||
|
StatusExtended: str
|
||||||
|
ResourceId: str
|
||||||
|
CheckId: str
|
||||||
|
|
||||||
|
|
||||||
# JSON ASFF Output
|
# JSON ASFF Output
|
||||||
class ProductFields(BaseModel):
|
class ProductFields(BaseModel):
|
||||||
ProviderName: str = "Prowler"
|
ProviderName: str = "Prowler"
|
||||||
|
|||||||