mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 23:05:05 +00:00
46 lines
1.8 KiB
XML
46 lines
1.8 KiB
XML
<!--
|
|
Rules for parsing Prowler output
|
|
Authored by Jeremy Phillips <jeremy@uranusbytes.com>
|
|
Copyright: Apache License 2.0
|
|
ID: 90000-90099
|
|
Prowler - https://github.com/toniblyx/prowler
|
|
-->
|
|
|
|
<group name="local,amazon,prowler,">
|
|
<!-- Filter 1: Only prowler events -->
|
|
<rule id="90001" level="0">
|
|
<field name="integration">prowler</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Pass -->
|
|
<rule id="90002" level="1">
|
|
<if_sid>90001</if_sid>
|
|
<field name="prowler.status">Pass</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Info -->
|
|
<rule id="90003" level="3">
|
|
<if_sid>90001</if_sid>
|
|
<field name="prowler.status">Info</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Error -->
|
|
<rule id="90004" level="5">
|
|
<if_sid>90001</if_sid>
|
|
<field name="prowler.status">Error</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Fail, Scored -->
|
|
<rule id="90005" level="9">
|
|
<if_sid>90001</if_sid>
|
|
<field name="prowler.status">Fail</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Fail, Not Scored -->
|
|
<rule id="90006" level="7">
|
|
<if_sid>90005</if_sid>
|
|
<field name="prowler.scored">Not Scored</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
</group>
|