mirror of
https://github.com/ghndrx/prowler.git
synced 2026-02-10 06:45:08 +00:00
46 lines
1.8 KiB
XML
46 lines
1.8 KiB
XML
<!--
|
|
Rules for parsing Prowler output
|
|
Authored by Jeremy Phillips <jeremy@uranusbytes.com>
|
|
Copyright: Apache License 2.0
|
|
ID: 110000-110009
|
|
Prowler - https://github.com/toniblyx/prowler
|
|
-->
|
|
|
|
<group name="local,amazon,prowler,">
|
|
<!-- Filter 1: Only prowler events -->
|
|
<rule id="110001" level="0">
|
|
<field name="integration">prowler</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Pass -->
|
|
<rule id="110002" level="1">
|
|
<if_sid>110001</if_sid>
|
|
<field name="prowler.status">Pass</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Info -->
|
|
<rule id="110003" level="3">
|
|
<if_sid>110001</if_sid>
|
|
<field name="prowler.status">Info</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Error -->
|
|
<rule id="110004" level="5">
|
|
<if_sid>110001</if_sid>
|
|
<field name="prowler.status">Error</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Fail, Scored -->
|
|
<rule id="110005" level="9">
|
|
<if_sid>110001</if_sid>
|
|
<field name="prowler.status">Fail</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
<!-- Check Result: Fail, Not Scored -->
|
|
<rule id="110006" level="7">
|
|
<if_sid>110005</if_sid>
|
|
<field name="prowler.scored">Not Scored</field>
|
|
<description>Prowler Check Result: $(prowler.status) - Control $(prowler.control_id)</description>
|
|
</rule>
|
|
</group>
|