prowler/checks/check_extra715

CHECK_ID_extra715="7.15"
CHECK_TITLE_extra715="Check if Elasticsearch Service domains have logging enabled (Not Scored) (Not part of CIS benchmark)"
CHECK_SCORED_extra715="NOT_SCORED"
CHECK_ALTERNATE_extra715="extra715"
CHECK_ALTERNATE_check715="extra715"

extra715(){
  textTitle "$ID715" "$TITLE715" "NOT_SCORED" "EXTRA"
  for regx in $REGIONS; do
    LIST_OF_DOMAINS=$($AWSCLI es list-domain-names $PROFILE_OPT --region $regx --query DomainNames --output text)
    if [[ $LIST_OF_DOMAINS ]]; then
      for domain in $LIST_OF_DOMAINS;do
        SEARCH_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.SEARCH_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
        if [[ $SEARCH_SLOWLOG_ENABLED ]];then
          textOK "$regx: ElasticSearch Service domain $domain SEARCH_SLOW_LOGS enabled" "$regx"
        else
          textWarn "$regx: ElasticSearch Service domain $domain SEARCH_SLOW_LOGS disabled!" "$regx"
        fi
        INDEX_SLOWLOG_ENABLED=$($AWSCLI es describe-elasticsearch-domain-config --domain-name $domain $PROFILE_OPT --region $regx --query DomainConfig.LogPublishingOptions.Options.INDEX_SLOW_LOGS.Enabled --output text |grep -v ^None|grep -v ^False)
        if [[ $INDEX_SLOWLOG_ENABLED ]];then
          textOK "$regx: ElasticSearch Service domain $domain INDEX_SLOW_LOGS enabled" "$regx"
        else
          textWarn "$regx: ElasticSearch Service domain $domain INDEX_SLOW_LOGS disabled!" "$regx"
        fi
      done
    else
      textNotice "$regx: No Elasticsearch Service domain found" "$regx"
    fi
  done
}