prowler-cloud 5.12.3__py3-none-any.whl → 5.13.0__py3-none-any.whl
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- dashboard/assets/markdown-styles.css +34 -0
- dashboard/compliance/c5_aws.py +43 -0
- dashboard/compliance/ccc_aws.py +36 -0
- dashboard/compliance/ccc_azure.py +36 -0
- dashboard/compliance/ccc_gcp.py +36 -0
- dashboard/compliance/cis_3_0_oci.py +41 -0
- dashboard/pages/overview.py +66 -16
- prowler/CHANGELOG.md +60 -0
- prowler/__main__.py +128 -14
- prowler/compliance/aws/aws_account_security_onboarding_aws.json +1 -0
- prowler/compliance/aws/aws_audit_manager_control_tower_guardrails_aws.json +1 -0
- prowler/compliance/aws/aws_foundational_security_best_practices_aws.json +2 -1
- prowler/compliance/aws/aws_foundational_technical_review_aws.json +1 -0
- prowler/compliance/aws/aws_well_architected_framework_reliability_pillar_aws.json +1 -0
- prowler/compliance/aws/aws_well_architected_framework_security_pillar_aws.json +1 -0
- prowler/compliance/aws/c5_aws.json +10744 -0
- prowler/compliance/aws/ccc_aws.json +6206 -0
- prowler/compliance/aws/cis_1.4_aws.json +1 -0
- prowler/compliance/aws/cis_1.5_aws.json +1 -0
- prowler/compliance/aws/cis_2.0_aws.json +1 -0
- prowler/compliance/aws/cis_3.0_aws.json +1 -0
- prowler/compliance/aws/cis_4.0_aws.json +1 -0
- prowler/compliance/aws/cis_5.0_aws.json +1 -0
- prowler/compliance/aws/cisa_aws.json +1 -0
- prowler/compliance/aws/ens_rd2022_aws.json +1 -0
- prowler/compliance/aws/fedramp_low_revision_4_aws.json +1 -0
- prowler/compliance/aws/fedramp_moderate_revision_4_aws.json +1 -0
- prowler/compliance/aws/ffiec_aws.json +1 -0
- prowler/compliance/aws/gdpr_aws.json +1 -0
- prowler/compliance/aws/gxp_21_cfr_part_11_aws.json +1 -0
- prowler/compliance/aws/gxp_eu_annex_11_aws.json +1 -0
- prowler/compliance/aws/hipaa_aws.json +1 -0
- prowler/compliance/aws/iso27001_2013_aws.json +1 -0
- prowler/compliance/aws/iso27001_2022_aws.json +1 -0
- prowler/compliance/aws/kisa_isms_p_2023_aws.json +1 -0
- prowler/compliance/aws/kisa_isms_p_2023_korean_aws.json +1 -0
- prowler/compliance/aws/mitre_attack_aws.json +287 -11
- prowler/compliance/aws/nis2_aws.json +1 -0
- prowler/compliance/aws/nist_800_171_revision_2_aws.json +1 -0
- prowler/compliance/aws/nist_800_53_revision_4_aws.json +1 -0
- prowler/compliance/aws/nist_800_53_revision_5_aws.json +1 -0
- prowler/compliance/aws/nist_csf_1.1_aws.json +1 -0
- prowler/compliance/aws/pci_3.2.1_aws.json +2 -1
- prowler/compliance/aws/pci_4.0_aws.json +1 -0
- prowler/compliance/aws/prowler_threatscore_aws.json +1 -0
- prowler/compliance/aws/rbi_cyber_security_framework_aws.json +1 -0
- prowler/compliance/aws/soc2_aws.json +1 -0
- prowler/compliance/azure/ccc_azure.json +6147 -0
- prowler/compliance/azure/cis_2.0_azure.json +1 -0
- prowler/compliance/azure/cis_2.1_azure.json +1 -0
- prowler/compliance/azure/cis_3.0_azure.json +1 -0
- prowler/compliance/azure/cis_4.0_azure.json +1 -0
- prowler/compliance/azure/ens_rd2022_azure.json +1 -0
- prowler/compliance/azure/iso27001_2022_azure.json +1 -0
- prowler/compliance/azure/mitre_attack_azure.json +131 -5
- prowler/compliance/azure/nis2_azure.json +1 -0
- prowler/compliance/azure/pci_4.0_azure.json +1 -0
- prowler/compliance/azure/prowler_threatscore_azure.json +1 -0
- prowler/compliance/azure/soc2_azure.json +1 -0
- prowler/compliance/gcp/ccc_gcp.json +6077 -0
- prowler/compliance/gcp/cis_2.0_gcp.json +1 -0
- prowler/compliance/gcp/cis_3.0_gcp.json +1 -0
- prowler/compliance/gcp/cis_4.0_gcp.json +1 -0
- prowler/compliance/gcp/ens_rd2022_gcp.json +1 -0
- prowler/compliance/gcp/iso27001_2022_gcp.json +1 -0
- prowler/compliance/gcp/mitre_attack_gcp.json +287 -11
- prowler/compliance/gcp/nis2_gcp.json +1 -0
- prowler/compliance/gcp/pci_4.0_gcp.json +1 -0
- prowler/compliance/gcp/prowler_threatscore_gcp.json +1 -0
- prowler/compliance/gcp/soc2_gcp.json +1 -0
- prowler/compliance/github/cis_1.0_github.json +1 -0
- prowler/compliance/kubernetes/cis_1.10_kubernetes.json +1 -0
- prowler/compliance/kubernetes/cis_1.11_kubernetes.json +1 -0
- prowler/compliance/kubernetes/cis_1.8_kubernetes.json +1 -0
- prowler/compliance/kubernetes/iso27001_2022_kubernetes.json +1 -0
- prowler/compliance/kubernetes/pci_4.0_kubernetes.json +1 -0
- prowler/compliance/llm/__init__.py +0 -0
- prowler/compliance/m365/cis_4.0_m365.json +1 -0
- prowler/compliance/m365/iso27001_2022_m365.json +1 -0
- prowler/compliance/m365/prowler_threatscore_m365.json +1 -0
- prowler/compliance/nhn/iso27001_2022_nhn.json +1 -0
- prowler/compliance/oci/__init__.py +0 -0
- prowler/compliance/oci/cis_3.0_oci.json +1141 -0
- prowler/config/config.py +5 -1
- prowler/config/llm_config.yaml +175015 -0
- prowler/config/oraclecloud_mutelist_example.yaml +61 -0
- prowler/lib/check/check.py +9 -1
- prowler/lib/check/compliance.py +1 -0
- prowler/lib/check/compliance_models.py +33 -3
- prowler/lib/check/models.py +96 -8
- prowler/lib/check/utils.py +8 -2
- prowler/lib/cli/parser.py +6 -4
- prowler/lib/outputs/compliance/aws_well_architected/aws_well_architected.py +4 -0
- prowler/lib/outputs/compliance/aws_well_architected/models.py +2 -0
- prowler/lib/outputs/compliance/c5/__init__.py +0 -0
- prowler/lib/outputs/compliance/c5/c5.py +98 -0
- prowler/lib/outputs/compliance/c5/c5_aws.py +92 -0
- prowler/lib/outputs/compliance/c5/models.py +30 -0
- prowler/lib/outputs/compliance/ccc/__init__.py +0 -0
- prowler/lib/outputs/compliance/ccc/ccc_aws.py +95 -0
- prowler/lib/outputs/compliance/ccc/ccc_azure.py +95 -0
- prowler/lib/outputs/compliance/ccc/ccc_gcp.py +95 -0
- prowler/lib/outputs/compliance/ccc/models.py +90 -0
- prowler/lib/outputs/compliance/cis/cis_aws.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_azure.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_gcp.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_github.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_kubernetes.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_m365.py +4 -0
- prowler/lib/outputs/compliance/cis/cis_oci.py +106 -0
- prowler/lib/outputs/compliance/cis/models.py +56 -0
- prowler/lib/outputs/compliance/compliance.py +10 -0
- prowler/lib/outputs/compliance/compliance_output.py +4 -1
- prowler/lib/outputs/compliance/ens/ens_aws.py +4 -0
- prowler/lib/outputs/compliance/ens/ens_azure.py +4 -0
- prowler/lib/outputs/compliance/ens/ens_gcp.py +4 -0
- prowler/lib/outputs/compliance/ens/models.py +6 -0
- prowler/lib/outputs/compliance/generic/generic.py +4 -0
- prowler/lib/outputs/compliance/generic/models.py +2 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_aws.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_azure.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_gcp.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_kubernetes.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_m365.py +4 -0
- prowler/lib/outputs/compliance/iso27001/iso27001_nhn.py +4 -0
- prowler/lib/outputs/compliance/iso27001/models.py +12 -0
- prowler/lib/outputs/compliance/kisa_ismsp/kisa_ismsp_aws.py +4 -0
- prowler/lib/outputs/compliance/kisa_ismsp/models.py +2 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_aws.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_azure.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/mitre_attack_gcp.py +4 -0
- prowler/lib/outputs/compliance/mitre_attack/models.py +6 -0
- prowler/lib/outputs/compliance/prowler_threatscore/models.py +8 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore.py +46 -4
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_aws.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_azure.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_gcp.py +4 -0
- prowler/lib/outputs/compliance/prowler_threatscore/prowler_threatscore_m365.py +4 -0
- prowler/lib/outputs/csv/csv.py +3 -0
- prowler/lib/outputs/finding.py +22 -0
- prowler/lib/outputs/html/html.py +192 -7
- prowler/lib/outputs/jira/jira.py +284 -47
- prowler/lib/outputs/ocsf/ocsf.py +1 -4
- prowler/lib/outputs/outputs.py +6 -0
- prowler/lib/outputs/summary_table.py +10 -0
- prowler/providers/aws/aws_regions_by_service.json +221 -44
- prowler/providers/aws/lib/quick_inventory/quick_inventory.py +3 -0
- prowler/providers/aws/lib/security_hub/security_hub.py +12 -2
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled/accessanalyzer_enabled.metadata.json +27 -13
- prowler/providers/aws/services/accessanalyzer/accessanalyzer_enabled_without_findings/accessanalyzer_enabled_without_findings.metadata.json +32 -13
- prowler/providers/aws/services/account/account_maintain_current_contact_details/account_maintain_current_contact_details.metadata.json +23 -11
- prowler/providers/aws/services/account/account_maintain_different_contact_details_to_security_billing_and_operations/account_maintain_different_contact_details_to_security_billing_and_operations.metadata.json +24 -12
- prowler/providers/aws/services/account/account_security_contact_information_is_registered/account_security_contact_information_is_registered.metadata.json +19 -11
- prowler/providers/aws/services/account/account_security_questions_are_registered_in_the_aws_account/account_security_questions_are_registered_in_the_aws_account.metadata.json +14 -10
- prowler/providers/aws/services/acm/acm_certificates_expiration_check/acm_certificates_expiration_check.metadata.json +17 -9
- prowler/providers/aws/services/acm/acm_certificates_transparency_logs_enabled/acm_certificates_transparency_logs_enabled.metadata.json +16 -12
- prowler/providers/aws/services/acm/acm_certificates_with_secure_key_algorithms/acm_certificates_with_secure_key_algorithms.metadata.json +21 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_authorizers_enabled/apigateway_restapi_authorizers_enabled.metadata.json +23 -16
- prowler/providers/aws/services/apigateway/apigateway_restapi_cache_encrypted/apigateway_restapi_cache_encrypted.metadata.json +22 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_client_certificate_enabled/apigateway_restapi_client_certificate_enabled.metadata.json +26 -18
- prowler/providers/aws/services/apigateway/apigateway_restapi_logging_enabled/apigateway_restapi_logging_enabled.metadata.json +30 -19
- prowler/providers/aws/services/apigateway/apigateway_restapi_public/apigateway_restapi_public.metadata.json +24 -16
- prowler/providers/aws/services/apigateway/apigateway_restapi_public_with_authorizer/apigateway_restapi_public_with_authorizer.metadata.json +31 -18
- prowler/providers/aws/services/apigateway/apigateway_restapi_tracing_enabled/apigateway_restapi_tracing_enabled.metadata.json +20 -12
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +24 -18
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_access_logging_enabled/apigatewayv2_api_access_logging_enabled.metadata.json +18 -12
- prowler/providers/aws/services/apigatewayv2/apigatewayv2_api_authorizers_enabled/apigatewayv2_api_authorizers_enabled.metadata.json +21 -12
- prowler/providers/aws/services/appstream/appstream_fleet_default_internet_access_disabled/appstream_fleet_default_internet_access_disabled.metadata.json +23 -15
- prowler/providers/aws/services/appstream/appstream_fleet_maximum_session_duration/appstream_fleet_maximum_session_duration.metadata.json +15 -12
- prowler/providers/aws/services/appstream/appstream_fleet_session_disconnect_timeout/appstream_fleet_session_disconnect_timeout.metadata.json +17 -14
- prowler/providers/aws/services/appstream/appstream_fleet_session_idle_disconnect_timeout/appstream_fleet_session_idle_disconnect_timeout.metadata.json +20 -15
- prowler/providers/aws/services/appsync/appsync_field_level_logging_enabled/appsync_field_level_logging_enabled.metadata.json +21 -12
- prowler/providers/aws/services/appsync/appsync_graphql_api_no_api_key_authentication/appsync_graphql_api_no_api_key_authentication.metadata.json +20 -13
- prowler/providers/aws/services/athena/athena_workgroup_encryption/athena_workgroup_encryption.metadata.json +24 -12
- prowler/providers/aws/services/athena/athena_workgroup_enforce_configuration/athena_workgroup_enforce_configuration.metadata.json +20 -13
- prowler/providers/aws/services/athena/athena_workgroup_logging_enabled/athena_workgroup_logging_enabled.metadata.json +21 -12
- prowler/providers/aws/services/autoscaling/autoscaling_find_secrets_ec2_launch_configuration/autoscaling_find_secrets_ec2_launch_configuration.metadata.json +15 -10
- prowler/providers/aws/services/autoscaling/autoscaling_group_capacity_rebalance_enabled/autoscaling_group_capacity_rebalance_enabled.metadata.json +20 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_elb_health_check_enabled/autoscaling_group_elb_health_check_enabled.metadata.json +20 -12
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_no_public_ip/autoscaling_group_launch_configuration_no_public_ip.metadata.json +20 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_launch_configuration_requires_imdsv2/autoscaling_group_launch_configuration_requires_imdsv2.metadata.json +26 -14
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_az/autoscaling_group_multiple_az.metadata.json +22 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_multiple_instance_types/autoscaling_group_multiple_instance_types.metadata.json +21 -13
- prowler/providers/aws/services/autoscaling/autoscaling_group_using_ec2_launch_template/autoscaling_group_using_ec2_launch_template.metadata.json +19 -12
- prowler/providers/aws/services/autoscaling/autoscaling_service.py +1 -1
- prowler/providers/aws/services/awslambda/awslambda_function_inside_vpc/awslambda_function_inside_vpc.metadata.json +26 -13
- prowler/providers/aws/services/awslambda/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled/awslambda_function_invoke_api_operations_cloudtrail_logging_enabled.metadata.json +20 -13
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_code/awslambda_function_no_secrets_in_code.metadata.json +18 -9
- prowler/providers/aws/services/awslambda/awslambda_function_no_secrets_in_variables/awslambda_function_no_secrets_in_variables.metadata.json +20 -12
- prowler/providers/aws/services/awslambda/awslambda_function_not_publicly_accessible/awslambda_function_not_publicly_accessible.metadata.json +21 -12
- prowler/providers/aws/services/awslambda/awslambda_function_url_cors_policy/awslambda_function_url_cors_policy.metadata.json +24 -13
- prowler/providers/aws/services/awslambda/awslambda_function_url_public/awslambda_function_url_public.metadata.json +22 -12
- prowler/providers/aws/services/awslambda/awslambda_function_using_supported_runtimes/awslambda_function_using_supported_runtimes.metadata.json +24 -13
- prowler/providers/aws/services/awslambda/awslambda_function_vpc_multi_az/awslambda_function_vpc_multi_az.metadata.json +23 -13
- prowler/providers/aws/services/backup/backup_plans_exist/backup_plans_exist.metadata.json +22 -15
- prowler/providers/aws/services/backup/backup_recovery_point_encrypted/backup_recovery_point_encrypted.metadata.json +21 -12
- prowler/providers/aws/services/backup/backup_reportplans_exist/backup_reportplans_exist.metadata.json +19 -15
- prowler/providers/aws/services/backup/backup_vaults_encrypted/backup_vaults_encrypted.metadata.json +24 -13
- prowler/providers/aws/services/backup/backup_vaults_exist/backup_vaults_exist.metadata.json +19 -15
- prowler/providers/aws/services/cloudformation/cloudformation_stack_cdktoolkit_bootstrap_version/cloudformation_stack_cdktoolkit_bootstrap_version.metadata.json +24 -13
- prowler/providers/aws/services/cloudformation/cloudformation_stack_outputs_find_secrets/cloudformation_stack_outputs_find_secrets.metadata.json +22 -12
- prowler/providers/aws/services/cloudformation/cloudformation_stacks_termination_protection_enabled/cloudformation_stacks_termination_protection_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_custom_ssl_certificate/cloudfront_distributions_custom_ssl_certificate.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_default_root_object/cloudfront_distributions_default_root_object.metadata.json +19 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_field_level_encryption_enabled/cloudfront_distributions_field_level_encryption_enabled.metadata.json +19 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_geo_restrictions_enabled/cloudfront_distributions_geo_restrictions_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_enabled/cloudfront_distributions_https_enabled.metadata.json +21 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_https_sni_enabled/cloudfront_distributions_https_sni_enabled.metadata.json +20 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_logging_enabled/cloudfront_distributions_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_multiple_origin_failover_configured/cloudfront_distributions_multiple_origin_failover_configured.metadata.json +21 -16
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_origin_traffic_encrypted/cloudfront_distributions_origin_traffic_encrypted.metadata.json +27 -14
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_access_control/cloudfront_distributions_s3_origin_access_control.metadata.json +24 -14
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_s3_origin_non_existent_bucket/cloudfront_distributions_s3_origin_non_existent_bucket.metadata.json +18 -11
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_deprecated_ssl_protocols/cloudfront_distributions_using_deprecated_ssl_protocols.metadata.json +20 -12
- prowler/providers/aws/services/cloudfront/cloudfront_distributions_using_waf/cloudfront_distributions_using_waf.metadata.json +21 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_bucket_requires_mfa_delete/cloudtrail_bucket_requires_mfa_delete.metadata.json +16 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_cloudwatch_logging_enabled/cloudtrail_cloudwatch_logging_enabled.metadata.json +19 -15
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +19 -14
- prowler/providers/aws/services/cloudtrail/cloudtrail_kms_encryption_enabled/cloudtrail_kms_encryption_enabled.metadata.json +19 -14
- prowler/providers/aws/services/cloudtrail/cloudtrail_log_file_validation_enabled/cloudtrail_log_file_validation_enabled.metadata.json +20 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_access_logging_enabled/cloudtrail_logs_s3_bucket_access_logging_enabled.metadata.json +18 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_logs_s3_bucket_is_not_publicly_accessible/cloudtrail_logs_s3_bucket_is_not_publicly_accessible.metadata.json +24 -16
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled/cloudtrail_multi_region_enabled.metadata.json +17 -13
- prowler/providers/aws/services/cloudtrail/cloudtrail_multi_region_enabled_logging_management_events/cloudtrail_multi_region_enabled_logging_management_events.metadata.json +19 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_read_enabled/cloudtrail_s3_dataevents_read_enabled.metadata.json +22 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_s3_dataevents_write_enabled/cloudtrail_s3_dataevents_write_enabled.metadata.json +21 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_enumeration/cloudtrail_threat_detection_enumeration.metadata.json +22 -11
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_llm_jacking/cloudtrail_threat_detection_llm_jacking.metadata.json +25 -12
- prowler/providers/aws/services/cloudtrail/cloudtrail_threat_detection_privilege_escalation/cloudtrail_threat_detection_privilege_escalation.metadata.json +18 -10
- prowler/providers/aws/services/config/config_recorder_all_regions_enabled/config_recorder_all_regions_enabled.metadata.json +20 -12
- prowler/providers/aws/services/config/config_recorder_using_aws_service_role/config_recorder_using_aws_service_role.metadata.json +20 -13
- prowler/providers/aws/services/directoryservice/directoryservice_directory_log_forwarding_enabled/directoryservice_directory_log_forwarding_enabled.metadata.json +20 -11
- prowler/providers/aws/services/directoryservice/directoryservice_directory_monitor_notifications/directoryservice_directory_monitor_notifications.metadata.json +19 -11
- prowler/providers/aws/services/directoryservice/directoryservice_directory_snapshots_limit/directoryservice_directory_snapshots_limit.metadata.json +19 -10
- prowler/providers/aws/services/directoryservice/directoryservice_ldap_certificate_expiration/directoryservice_ldap_certificate_expiration.metadata.json +20 -11
- prowler/providers/aws/services/directoryservice/directoryservice_radius_server_security_protocol/directoryservice_radius_server_security_protocol.metadata.json +23 -12
- prowler/providers/aws/services/directoryservice/directoryservice_supported_mfa_radius_enabled/directoryservice_supported_mfa_radius_enabled.metadata.json +23 -12
- prowler/providers/aws/services/dlm/dlm_ebs_snapshot_lifecycle_policy_exists/dlm_ebs_snapshot_lifecycle_policy_exists.metadata.json +19 -13
- prowler/providers/aws/services/dms/dms_endpoint_mongodb_authentication_enabled/dms_endpoint_mongodb_authentication_enabled.metadata.json +20 -13
- prowler/providers/aws/services/dms/dms_endpoint_neptune_iam_authorization_enabled/dms_endpoint_neptune_iam_authorization_enabled.metadata.json +19 -12
- prowler/providers/aws/services/dms/dms_endpoint_redis_in_transit_encryption_enabled/dms_endpoint_redis_in_transit_encryption_enabled.metadata.json +23 -13
- prowler/providers/aws/services/dms/dms_endpoint_ssl_enabled/dms_endpoint_ssl_enabled.metadata.json +27 -19
- prowler/providers/aws/services/dms/dms_instance_minor_version_upgrade_enabled/dms_instance_minor_version_upgrade_enabled.metadata.json +22 -12
- prowler/providers/aws/services/dms/dms_instance_multi_az_enabled/dms_instance_multi_az_enabled.metadata.json +20 -13
- prowler/providers/aws/services/dms/dms_instance_no_public_access/dms_instance_no_public_access.metadata.json +22 -11
- prowler/providers/aws/services/dms/dms_replication_task_source_logging_enabled/dms_replication_task_source_logging_enabled.metadata.json +21 -13
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/dms/dms_replication_task_target_logging_enabled/dms_replication_task_target_logging_enabled.py +39 -37
- prowler/providers/aws/services/dms/dms_service.py +0 -1
- prowler/providers/aws/services/ec2/ec2_ami_public/ec2_ami_public.py +11 -10
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/__init__.py +0 -0
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.metadata.json +30 -0
- prowler/providers/aws/services/ec2/ec2_instance_with_outdated_ami/ec2_instance_with_outdated_ami.py +52 -0
- prowler/providers/aws/services/ec2/ec2_service.py +26 -14
- prowler/providers/aws/services/efs/efs_access_point_enforce_root_directory/efs_access_point_enforce_root_directory.metadata.json +19 -13
- prowler/providers/aws/services/efs/efs_access_point_enforce_user_identity/efs_access_point_enforce_user_identity.metadata.json +23 -13
- prowler/providers/aws/services/efs/efs_encryption_at_rest_enabled/efs_encryption_at_rest_enabled.metadata.json +23 -13
- prowler/providers/aws/services/efs/efs_have_backup_enabled/efs_have_backup_enabled.metadata.json +20 -14
- prowler/providers/aws/services/efs/efs_mount_target_not_publicly_accessible/efs_mount_target_not_publicly_accessible.metadata.json +18 -12
- prowler/providers/aws/services/efs/efs_multi_az_enabled/efs_multi_az_enabled.metadata.json +21 -13
- prowler/providers/aws/services/efs/efs_not_publicly_accessible/efs_not_publicly_accessible.metadata.json +17 -13
- prowler/providers/aws/services/eks/eks_cluster_uses_a_supported_version/eks_cluster_uses_a_supported_version.py +4 -0
- prowler/providers/aws/services/elb/elb_ssl_listeners_use_acm_certificate/elb_ssl_listeners_use_acm_certificate.py +8 -2
- prowler/providers/aws/services/neptune/neptune_cluster_backup_enabled/neptune_cluster_backup_enabled.metadata.json +23 -13
- prowler/providers/aws/services/neptune/neptune_cluster_copy_tags_to_snapshots/neptune_cluster_copy_tags_to_snapshots.metadata.json +18 -14
- prowler/providers/aws/services/neptune/neptune_cluster_deletion_protection/neptune_cluster_deletion_protection.metadata.json +23 -14
- prowler/providers/aws/services/neptune/neptune_cluster_iam_authentication_enabled/neptune_cluster_iam_authentication_enabled.metadata.json +25 -13
- prowler/providers/aws/services/neptune/neptune_cluster_integration_cloudwatch_logs/neptune_cluster_integration_cloudwatch_logs.metadata.json +22 -14
- prowler/providers/aws/services/neptune/neptune_cluster_multi_az/neptune_cluster_multi_az.metadata.json +20 -12
- prowler/providers/aws/services/neptune/neptune_cluster_public_snapshot/neptune_cluster_public_snapshot.metadata.json +18 -10
- prowler/providers/aws/services/neptune/neptune_cluster_snapshot_encrypted/neptune_cluster_snapshot_encrypted.metadata.json +16 -10
- prowler/providers/aws/services/neptune/neptune_cluster_storage_encrypted/neptune_cluster_storage_encrypted.metadata.json +22 -13
- prowler/providers/aws/services/neptune/neptune_cluster_uses_public_subnet/neptune_cluster_uses_public_subnet.metadata.json +20 -12
- prowler/providers/aws/services/rds/rds_service.py +9 -2
- prowler/providers/aws/services/vpc/vpc_service.py +1 -1
- prowler/providers/azure/services/entra/entra_service.py +54 -25
- prowler/providers/common/arguments.py +16 -2
- prowler/providers/common/provider.py +34 -2
- prowler/providers/gcp/services/cloudsql/cloudsql_service.py +3 -3
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.metadata.json +34 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_bucket_lifecycle_management_enabled/cloudstorage_bucket_lifecycle_management_enabled.py +48 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +10 -0
- prowler/providers/gcp/services/compute/compute_project_os_login_enabled/compute_project_os_login_enabled.py +5 -0
- prowler/providers/gcp/services/iam/iam_audit_logs_enabled/iam_audit_logs_enabled.py +5 -0
- prowler/providers/gcp/services/iam/iam_role_kms_enforce_separation_of_duties/iam_role_kms_enforce_separation_of_duties.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_audit_configuration_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled/logging_log_metric_filter_and_alert_for_bucket_permission_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled/logging_log_metric_filter_and_alert_for_custom_role_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled/logging_log_metric_filter_and_alert_for_project_ownership_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled/logging_log_metric_filter_and_alert_for_sql_instance_configuration_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_firewall_rule_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled/logging_log_metric_filter_and_alert_for_vpc_network_route_changes_enabled.py +5 -0
- prowler/providers/gcp/services/logging/logging_sink_created/logging_sink_created.py +5 -0
- prowler/providers/gcp/services/monitoring/monitoring_service.py +30 -2
- prowler/providers/iac/iac_provider.py +1 -1
- prowler/providers/llm/__init__.py +0 -0
- prowler/providers/llm/lib/__init__.py +0 -0
- prowler/providers/llm/lib/arguments/__init__.py +0 -0
- prowler/providers/llm/lib/arguments/arguments.py +13 -0
- prowler/providers/llm/llm_provider.py +518 -0
- prowler/providers/llm/models.py +27 -0
- prowler/providers/m365/exceptions/exceptions.py +0 -55
- prowler/providers/m365/lib/arguments/arguments.py +8 -4
- prowler/providers/m365/lib/powershell/m365_powershell.py +14 -156
- prowler/providers/m365/m365_provider.py +19 -117
- prowler/providers/m365/models.py +0 -3
- prowler/providers/m365/services/admincenter/admincenter_service.py +52 -23
- prowler/providers/m365/services/entra/entra_admin_users_phishing_resistant_mfa_enabled/entra_admin_users_phishing_resistant_mfa_enabled.py +19 -2
- prowler/providers/m365/services/entra/entra_service.py +58 -30
- prowler/providers/m365/services/sharepoint/sharepoint_service.py +24 -3
- prowler/providers/oraclecloud/__init__.py +0 -0
- prowler/providers/oraclecloud/config.py +61 -0
- prowler/providers/oraclecloud/exceptions/__init__.py +0 -0
- prowler/providers/oraclecloud/exceptions/exceptions.py +197 -0
- prowler/providers/oraclecloud/lib/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/arguments/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/arguments/arguments.py +123 -0
- prowler/providers/oraclecloud/lib/mutelist/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/mutelist/mutelist.py +176 -0
- prowler/providers/oraclecloud/lib/service/__init__.py +0 -0
- prowler/providers/oraclecloud/lib/service/service.py +213 -0
- prowler/providers/oraclecloud/models.py +96 -0
- prowler/providers/oraclecloud/oci_provider.py +1038 -0
- prowler/providers/oraclecloud/services/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/analytics_client.py +6 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/analytics/analytics_instance_access_restricted/analytics_instance_access_restricted.py +48 -0
- prowler/providers/oraclecloud/services/analytics/analytics_service.py +99 -0
- prowler/providers/oraclecloud/services/audit/__init__.py +0 -0
- prowler/providers/oraclecloud/services/audit/audit_client.py +4 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.metadata.json +37 -0
- prowler/providers/oraclecloud/services/audit/audit_log_retention_period_365_days/audit_log_retention_period_365_days.py +46 -0
- prowler/providers/oraclecloud/services/audit/audit_service.py +57 -0
- prowler/providers/oraclecloud/services/blockstorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.metadata.json +37 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_block_volume_encrypted_with_cmk/blockstorage_block_volume_encrypted_with_cmk.py +39 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.metadata.json +36 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_boot_volume_encrypted_with_cmk/blockstorage_boot_volume_encrypted_with_cmk.py +35 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_client.py +6 -0
- prowler/providers/oraclecloud/services/blockstorage/blockstorage_service.py +182 -0
- prowler/providers/oraclecloud/services/cloudguard/__init__.py +0 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_client.py +6 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_enabled/cloudguard_enabled.py +39 -0
- prowler/providers/oraclecloud/services/cloudguard/cloudguard_service.py +63 -0
- prowler/providers/oraclecloud/services/compute/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_client.py +4 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_in_transit_encryption_enabled/compute_instance_in_transit_encryption_enabled.py +38 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_legacy_metadata_endpoint_disabled/compute_instance_legacy_metadata_endpoint_disabled.py +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/compute/compute_instance_secure_boot_enabled/compute_instance_secure_boot_enabled.py +39 -0
- prowler/providers/oraclecloud/services/compute/compute_service.py +136 -0
- prowler/providers/oraclecloud/services/database/__init__.py +0 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/database/database_autonomous_database_access_restricted/database_autonomous_database_access_restricted.py +40 -0
- prowler/providers/oraclecloud/services/database/database_client.py +6 -0
- prowler/providers/oraclecloud/services/database/database_service.py +79 -0
- prowler/providers/oraclecloud/services/events/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_client.py +4 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_notification_topic_and_subscription_exists/events_notification_topic_and_subscription_exists.py +53 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.metadata.json +36 -0
- prowler/providers/oraclecloud/services/events/events_rule_cloudguard_problems/events_rule_cloudguard_problems.py +90 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_group_changes/events_rule_iam_group_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_iam_policy_changes/events_rule_iam_policy_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_identity_provider_changes/events_rule_identity_provider_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_idp_group_mapping_changes/events_rule_idp_group_mapping_changes.py +67 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.metadata.json +38 -0
- prowler/providers/oraclecloud/services/events/events_rule_local_user_authentication/events_rule_local_user_authentication.py +63 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_gateway_changes/events_rule_network_gateway_changes.py +88 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_network_security_group_changes/events_rule_network_security_group_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_route_table_changes/events_rule_route_table_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_security_list_changes/events_rule_security_list_changes.py +68 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_user_changes/events_rule_user_changes.py +69 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.metadata.json +37 -0
- prowler/providers/oraclecloud/services/events/events_rule_vcn_changes/events_rule_vcn_changes.py +65 -0
- prowler/providers/oraclecloud/services/events/events_service.py +215 -0
- prowler/providers/oraclecloud/services/events/lib/__init__.py +0 -0
- prowler/providers/oraclecloud/services/events/lib/helpers.py +116 -0
- prowler/providers/oraclecloud/services/filestorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_client.py +6 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.metadata.json +36 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_file_system_encrypted_with_cmk/filestorage_file_system_encrypted_with_cmk.py +39 -0
- prowler/providers/oraclecloud/services/filestorage/filestorage_service.py +96 -0
- prowler/providers/oraclecloud/services/identity/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_client.py +4 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_iam_admins_cannot_update_tenancy_admins/identity_iam_admins_cannot_update_tenancy_admins.py +107 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_instance_principal_used/identity_instance_principal_used.py +70 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_no_resources_in_root_compartment/identity_no_resources_in_root_compartment.py +51 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_non_root_compartment_exists/identity_non_root_compartment_exists.py +39 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_expires_within_365_days/identity_password_policy_expires_within_365_days.py +67 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_minimum_length_14/identity_password_policy_minimum_length_14.py +97 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_password_policy_prevents_reuse/identity_password_policy_prevents_reuse.py +77 -0
- prowler/providers/oraclecloud/services/identity/identity_service.py +828 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.metadata.json +32 -0
- prowler/providers/oraclecloud/services/identity/identity_service_level_admins_exist/identity_service_level_admins_exist.py +81 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_permissions_limited/identity_tenancy_admin_permissions_limited.py +81 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_tenancy_admin_users_no_api_keys/identity_tenancy_admin_users_no_api_keys.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.metadata.json +37 -0
- prowler/providers/oraclecloud/services/identity/identity_user_api_keys_rotated_90_days/identity_user_api_keys_rotated_90_days.py +73 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_auth_tokens_rotated_90_days/identity_user_auth_tokens_rotated_90_days.py +52 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_customer_secret_keys_rotated_90_days/identity_user_customer_secret_keys_rotated_90_days.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_db_passwords_rotated_90_days/identity_user_db_passwords_rotated_90_days.py +49 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_mfa_enabled_console_access/identity_user_mfa_enabled_console_access.py +43 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/__init__.py +0 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.metadata.json +36 -0
- prowler/providers/oraclecloud/services/identity/identity_user_valid_email_address/identity_user_valid_email_address.py +38 -0
- prowler/providers/oraclecloud/services/integration/__init__.py +0 -0
- prowler/providers/oraclecloud/services/integration/integration_client.py +8 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/__init__.py +0 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.metadata.json +36 -0
- prowler/providers/oraclecloud/services/integration/integration_instance_access_restricted/integration_instance_access_restricted.py +48 -0
- prowler/providers/oraclecloud/services/integration/integration_service.py +92 -0
- prowler/providers/oraclecloud/services/kms/__init__.py +0 -0
- prowler/providers/oraclecloud/services/kms/kms_client.py +4 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/kms/kms_key_rotation_enabled/kms_key_rotation_enabled.py +37 -0
- prowler/providers/oraclecloud/services/kms/kms_service.py +136 -0
- prowler/providers/oraclecloud/services/logging/__init__.py +0 -0
- prowler/providers/oraclecloud/services/logging/logging_client.py +6 -0
- prowler/providers/oraclecloud/services/logging/logging_service.py +189 -0
- prowler/providers/oraclecloud/services/network/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_client.py +4 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_default_security_list_restricts_traffic/network_default_security_list_restricts_traffic.py +99 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_rdp_port/network_security_group_ingress_from_internet_to_rdp_port.py +65 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.metadata.json +37 -0
- prowler/providers/oraclecloud/services/network/network_security_group_ingress_from_internet_to_ssh_port/network_security_group_ingress_from_internet_to_ssh_port.py +70 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_rdp_port/network_security_list_ingress_from_internet_to_rdp_port.py +62 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.metadata.json +37 -0
- prowler/providers/oraclecloud/services/network/network_security_list_ingress_from_internet_to_ssh_port/network_security_list_ingress_from_internet_to_ssh_port.py +67 -0
- prowler/providers/oraclecloud/services/network/network_service.py +321 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.metadata.json +36 -0
- prowler/providers/oraclecloud/services/network/network_vcn_subnet_flow_logs_enabled/network_vcn_subnet_flow_logs_enabled.py +66 -0
- prowler/providers/oraclecloud/services/objectstorage/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_encrypted_with_cmk/objectstorage_bucket_encrypted_with_cmk.py +40 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.metadata.json +32 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_logging_enabled/objectstorage_bucket_logging_enabled.py +68 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_not_publicly_accessible/objectstorage_bucket_not_publicly_accessible.py +43 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/__init__.py +0 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.metadata.json +37 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_bucket_versioning_enabled/objectstorage_bucket_versioning_enabled.py +38 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_client.py +6 -0
- prowler/providers/oraclecloud/services/objectstorage/objectstorage_service.py +138 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/METADATA +9 -33
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/RECORD +528 -280
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.12.3.dist-info → prowler_cloud-5.13.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,136 @@
|
|
|
1
|
+
"""OCI Compute Service Module."""
|
|
2
|
+
|
|
3
|
+
from typing import Optional
|
|
4
|
+
|
|
5
|
+
import oci
|
|
6
|
+
from pydantic import BaseModel
|
|
7
|
+
|
|
8
|
+
from prowler.lib.logger import logger
|
|
9
|
+
from prowler.providers.oraclecloud.lib.service.service import OCIService
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
class Compute(OCIService):
|
|
13
|
+
"""OCI Compute Service class to retrieve compute instances."""
|
|
14
|
+
|
|
15
|
+
def __init__(self, provider):
|
|
16
|
+
"""
|
|
17
|
+
Initialize the Compute service.
|
|
18
|
+
|
|
19
|
+
Args:
|
|
20
|
+
provider: The OCI provider instance
|
|
21
|
+
"""
|
|
22
|
+
super().__init__("compute", provider)
|
|
23
|
+
self.instances = []
|
|
24
|
+
self.__threading_call__(self.__list_instances__)
|
|
25
|
+
|
|
26
|
+
def __get_client__(self, region):
|
|
27
|
+
"""
|
|
28
|
+
Get the Compute client for a region.
|
|
29
|
+
|
|
30
|
+
Args:
|
|
31
|
+
region: Region key
|
|
32
|
+
|
|
33
|
+
Returns:
|
|
34
|
+
Compute client instance
|
|
35
|
+
"""
|
|
36
|
+
client_region = self.regional_clients.get(region)
|
|
37
|
+
if client_region:
|
|
38
|
+
return self._create_oci_client(oci.core.ComputeClient)
|
|
39
|
+
return None
|
|
40
|
+
|
|
41
|
+
def __list_instances__(self, regional_client):
|
|
42
|
+
"""
|
|
43
|
+
List all compute instances in the compartments.
|
|
44
|
+
|
|
45
|
+
Args:
|
|
46
|
+
regional_client: Regional OCI client
|
|
47
|
+
"""
|
|
48
|
+
try:
|
|
49
|
+
compute_client = self.__get_client__(regional_client.region)
|
|
50
|
+
if not compute_client:
|
|
51
|
+
return
|
|
52
|
+
|
|
53
|
+
logger.info(f"Compute - Listing Instances in {regional_client.region}...")
|
|
54
|
+
|
|
55
|
+
for compartment in self.audited_compartments:
|
|
56
|
+
try:
|
|
57
|
+
instances = oci.pagination.list_call_get_all_results(
|
|
58
|
+
compute_client.list_instances, compartment_id=compartment.id
|
|
59
|
+
).data
|
|
60
|
+
|
|
61
|
+
for instance in instances:
|
|
62
|
+
if instance.lifecycle_state not in [
|
|
63
|
+
"TERMINATED",
|
|
64
|
+
"TERMINATING",
|
|
65
|
+
]:
|
|
66
|
+
# Get instance metadata options
|
|
67
|
+
metadata_options = (
|
|
68
|
+
instance.instance_options.are_legacy_imds_endpoints_disabled
|
|
69
|
+
if hasattr(instance, "instance_options")
|
|
70
|
+
and hasattr(
|
|
71
|
+
instance.instance_options,
|
|
72
|
+
"are_legacy_imds_endpoints_disabled",
|
|
73
|
+
)
|
|
74
|
+
else None
|
|
75
|
+
)
|
|
76
|
+
|
|
77
|
+
# Get secure boot status
|
|
78
|
+
is_secure_boot_enabled = (
|
|
79
|
+
instance.platform_config.is_secure_boot_enabled
|
|
80
|
+
if hasattr(instance, "platform_config")
|
|
81
|
+
and hasattr(
|
|
82
|
+
instance.platform_config, "is_secure_boot_enabled"
|
|
83
|
+
)
|
|
84
|
+
else False
|
|
85
|
+
)
|
|
86
|
+
|
|
87
|
+
# Get in-transit encryption status from launch options
|
|
88
|
+
is_pv_encryption_in_transit_enabled = (
|
|
89
|
+
instance.launch_options.is_pv_encryption_in_transit_enabled
|
|
90
|
+
if hasattr(instance, "launch_options")
|
|
91
|
+
and hasattr(
|
|
92
|
+
instance.launch_options,
|
|
93
|
+
"is_pv_encryption_in_transit_enabled",
|
|
94
|
+
)
|
|
95
|
+
else None
|
|
96
|
+
)
|
|
97
|
+
|
|
98
|
+
self.instances.append(
|
|
99
|
+
Instance(
|
|
100
|
+
id=instance.id,
|
|
101
|
+
name=(
|
|
102
|
+
instance.display_name
|
|
103
|
+
if hasattr(instance, "display_name")
|
|
104
|
+
else instance.id
|
|
105
|
+
),
|
|
106
|
+
compartment_id=compartment.id,
|
|
107
|
+
region=regional_client.region,
|
|
108
|
+
lifecycle_state=instance.lifecycle_state,
|
|
109
|
+
are_legacy_imds_endpoints_disabled=metadata_options,
|
|
110
|
+
is_secure_boot_enabled=is_secure_boot_enabled,
|
|
111
|
+
is_pv_encryption_in_transit_enabled=is_pv_encryption_in_transit_enabled,
|
|
112
|
+
)
|
|
113
|
+
)
|
|
114
|
+
except Exception as error:
|
|
115
|
+
logger.error(
|
|
116
|
+
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
117
|
+
)
|
|
118
|
+
continue
|
|
119
|
+
except Exception as error:
|
|
120
|
+
logger.error(
|
|
121
|
+
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
122
|
+
)
|
|
123
|
+
|
|
124
|
+
|
|
125
|
+
# Service Models
|
|
126
|
+
class Instance(BaseModel):
|
|
127
|
+
"""OCI Compute Instance model."""
|
|
128
|
+
|
|
129
|
+
id: str
|
|
130
|
+
name: str
|
|
131
|
+
compartment_id: str
|
|
132
|
+
region: str
|
|
133
|
+
lifecycle_state: str
|
|
134
|
+
are_legacy_imds_endpoints_disabled: Optional[bool] = None
|
|
135
|
+
is_secure_boot_enabled: bool = False
|
|
136
|
+
is_pv_encryption_in_transit_enabled: Optional[bool] = None
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "oci",
|
|
3
|
+
"CheckID": "database_autonomous_database_access_restricted",
|
|
4
|
+
"CheckTitle": "Ensure Oracle Autonomous Shared Database (ADB) access is restricted or deployed within a VCN",
|
|
5
|
+
"CheckType": [
|
|
6
|
+
"Software and Configuration Checks",
|
|
7
|
+
"Industry and Regulatory Standards",
|
|
8
|
+
"CIS OCI Foundations Benchmark"
|
|
9
|
+
],
|
|
10
|
+
"ServiceName": "database",
|
|
11
|
+
"SubServiceName": "",
|
|
12
|
+
"ResourceIdTemplate": "oci:database:autonomousdatabase",
|
|
13
|
+
"Severity": "high",
|
|
14
|
+
"ResourceType": "AutonomousDatabase",
|
|
15
|
+
"Description": "Autonomous Shared Database instances should either have IP whitelisting configured or be deployed within a VCN to restrict network access and improve security posture.",
|
|
16
|
+
"Risk": "Public or unrestricted Autonomous Database access increases the attack surface and risk of unauthorized access.",
|
|
17
|
+
"RelatedUrl": "https://docs.oracle.com/en/cloud/paas/autonomous-database/adbsa/autonomous-private-endpoints.html",
|
|
18
|
+
"Remediation": {
|
|
19
|
+
"Code": {
|
|
20
|
+
"CLI": "oci db autonomous-database create-private-endpoint --autonomous-database-id <adb-ocid> --subnet-id <subnet-ocid>",
|
|
21
|
+
"NativeIaC": "",
|
|
22
|
+
"Other": "1. Navigate to Autonomous Database\n2. Select the database instance\n3. Click 'More Actions' → 'Update'\n4. Under Network Access, select 'Private endpoint access only'\n5. Configure VCN and subnet for private endpoint\n6. Alternatively, configure Access Control List (ACL) with specific IP addresses",
|
|
23
|
+
"Terraform": "resource \"oci_database_autonomous_database\" \"adb\" {\n compartment_id = var.compartment_id\n db_name = \"MyADB\"\n display_name = \"My Autonomous Database\"\n is_free_tier = false\n db_workload = \"OLTP\"\n whitelisted_ips = [\"10.0.0.0/24\"]\n nsg_ids = [oci_core_network_security_group.adb_nsg.id]\n subnet_id = oci_core_subnet.private_subnet.id\n}"
|
|
24
|
+
},
|
|
25
|
+
"Recommendation": {
|
|
26
|
+
"Text": "Deploy Autonomous Databases within a VCN using private endpoints or configure strict IP whitelisting to restrict access.",
|
|
27
|
+
"Url": "https://hub.prowler.com/check/oci/database_autonomous_database_access_restricted"
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
"Categories": [
|
|
31
|
+
"network-security"
|
|
32
|
+
],
|
|
33
|
+
"DependsOn": [],
|
|
34
|
+
"RelatedTo": [],
|
|
35
|
+
"Notes": ""
|
|
36
|
+
}
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
from prowler.lib.check.models import Check, Check_Report_OCI
|
|
2
|
+
from prowler.providers.oraclecloud.services.database.database_client import (
|
|
3
|
+
database_client,
|
|
4
|
+
)
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
class database_autonomous_database_access_restricted(Check):
|
|
8
|
+
"""Ensure Oracle Autonomous Shared Database (ADB) access is restricted or deployed within a VCN (CIS 2.8)"""
|
|
9
|
+
|
|
10
|
+
def execute(self):
|
|
11
|
+
findings = []
|
|
12
|
+
|
|
13
|
+
for adb in database_client.autonomous_databases:
|
|
14
|
+
report = Check_Report_OCI(
|
|
15
|
+
metadata=self.metadata(),
|
|
16
|
+
resource=adb,
|
|
17
|
+
region=adb.region,
|
|
18
|
+
compartment_id=adb.compartment_id,
|
|
19
|
+
resource_id=adb.id,
|
|
20
|
+
resource_name=adb.display_name,
|
|
21
|
+
)
|
|
22
|
+
|
|
23
|
+
# Check if database has no whitelisted IPs and no subnet (unrestricted public access)
|
|
24
|
+
if not adb.whitelisted_ips and not adb.subnet_id:
|
|
25
|
+
report.status = "FAIL"
|
|
26
|
+
report.status_extended = f"Autonomous Database {adb.display_name} has unrestricted public access with no whitelisted IPs and is not deployed in a VCN."
|
|
27
|
+
# Check if database has whitelisted IPs containing 0.0.0.0/0
|
|
28
|
+
elif adb.whitelisted_ips and "0.0.0.0/0" in adb.whitelisted_ips:
|
|
29
|
+
report.status = "FAIL"
|
|
30
|
+
report.status_extended = f"Autonomous Database {adb.display_name} has unrestricted public access with IP range 0.0.0.0/0 in whitelisted IPs."
|
|
31
|
+
else:
|
|
32
|
+
report.status = "PASS"
|
|
33
|
+
if adb.subnet_id:
|
|
34
|
+
report.status_extended = f"Autonomous Database {adb.display_name} is deployed within a VCN."
|
|
35
|
+
else:
|
|
36
|
+
report.status_extended = f"Autonomous Database {adb.display_name} has restricted public access with whitelisted IPs."
|
|
37
|
+
|
|
38
|
+
findings.append(report)
|
|
39
|
+
|
|
40
|
+
return findings
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
"""OCI Database service."""
|
|
2
|
+
|
|
3
|
+
from typing import Optional
|
|
4
|
+
|
|
5
|
+
import oci
|
|
6
|
+
from pydantic import BaseModel
|
|
7
|
+
|
|
8
|
+
from prowler.lib.logger import logger
|
|
9
|
+
from prowler.providers.oraclecloud.lib.service.service import OCIService
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
class Database(OCIService):
|
|
13
|
+
"""OCI Database service class."""
|
|
14
|
+
|
|
15
|
+
def __init__(self, provider):
|
|
16
|
+
"""Initialize Database service."""
|
|
17
|
+
super().__init__("database", provider)
|
|
18
|
+
self.autonomous_databases = []
|
|
19
|
+
self.__threading_call_by_region_and_compartment__(
|
|
20
|
+
self.__list_autonomous_databases__
|
|
21
|
+
)
|
|
22
|
+
|
|
23
|
+
def __get_client__(self, region: str) -> oci.database.DatabaseClient:
|
|
24
|
+
"""Get OCI Database client for a region."""
|
|
25
|
+
return self._create_oci_client(
|
|
26
|
+
oci.database.DatabaseClient, config_overrides={"region": region}
|
|
27
|
+
)
|
|
28
|
+
|
|
29
|
+
def __list_autonomous_databases__(self, region, compartment):
|
|
30
|
+
"""List all autonomous databases in a compartment."""
|
|
31
|
+
try:
|
|
32
|
+
region_key = region.key if hasattr(region, "key") else str(region)
|
|
33
|
+
database_client = self.__get_client__(region_key)
|
|
34
|
+
|
|
35
|
+
autonomous_dbs = oci.pagination.list_call_get_all_results(
|
|
36
|
+
database_client.list_autonomous_databases, compartment_id=compartment.id
|
|
37
|
+
).data
|
|
38
|
+
|
|
39
|
+
for adb in autonomous_dbs:
|
|
40
|
+
# Only include databases not in TERMINATED, TERMINATING, or UNAVAILABLE states
|
|
41
|
+
if adb.lifecycle_state not in [
|
|
42
|
+
oci.database.models.AutonomousDatabaseSummary.LIFECYCLE_STATE_TERMINATED,
|
|
43
|
+
oci.database.models.AutonomousDatabaseSummary.LIFECYCLE_STATE_TERMINATING,
|
|
44
|
+
oci.database.models.AutonomousDatabaseSummary.LIFECYCLE_STATE_UNAVAILABLE,
|
|
45
|
+
]:
|
|
46
|
+
self.autonomous_databases.append(
|
|
47
|
+
AutonomousDatabase(
|
|
48
|
+
id=adb.id,
|
|
49
|
+
display_name=adb.display_name,
|
|
50
|
+
compartment_id=adb.compartment_id,
|
|
51
|
+
region=region_key,
|
|
52
|
+
lifecycle_state=adb.lifecycle_state,
|
|
53
|
+
whitelisted_ips=(
|
|
54
|
+
adb.whitelisted_ips if adb.whitelisted_ips else []
|
|
55
|
+
),
|
|
56
|
+
subnet_id=adb.subnet_id,
|
|
57
|
+
db_name=getattr(adb, "db_name", None),
|
|
58
|
+
db_workload=getattr(adb, "db_workload", None),
|
|
59
|
+
)
|
|
60
|
+
)
|
|
61
|
+
|
|
62
|
+
except Exception as error:
|
|
63
|
+
logger.error(
|
|
64
|
+
f"{region_key if 'region_key' in locals() else region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
65
|
+
)
|
|
66
|
+
|
|
67
|
+
|
|
68
|
+
class AutonomousDatabase(BaseModel):
|
|
69
|
+
"""OCI Autonomous Database model."""
|
|
70
|
+
|
|
71
|
+
id: str
|
|
72
|
+
display_name: str
|
|
73
|
+
compartment_id: str
|
|
74
|
+
region: str
|
|
75
|
+
lifecycle_state: str
|
|
76
|
+
whitelisted_ips: list[str]
|
|
77
|
+
subnet_id: Optional[str]
|
|
78
|
+
db_name: Optional[str] = None
|
|
79
|
+
db_workload: Optional[str] = None
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "oci",
|
|
3
|
+
"CheckID": "events_notification_topic_and_subscription_exists",
|
|
4
|
+
"CheckTitle": "Create at least one notification topic and subscription to receive monitoring alerts",
|
|
5
|
+
"CheckType": [
|
|
6
|
+
"Software and Configuration Checks",
|
|
7
|
+
"Industry and Regulatory Standards",
|
|
8
|
+
"CIS OCI Foundations Benchmark"
|
|
9
|
+
],
|
|
10
|
+
"ServiceName": "events",
|
|
11
|
+
"SubServiceName": "",
|
|
12
|
+
"ResourceIdTemplate": "oci:events:rule",
|
|
13
|
+
"Severity": "medium",
|
|
14
|
+
"ResourceType": "OciEventsRule",
|
|
15
|
+
"Description": "At least one notification topic and subscription should exist to receive monitoring alerts.",
|
|
16
|
+
"Risk": "Without proper event monitoring, security-relevant changes may go unnoticed.",
|
|
17
|
+
"RelatedUrl": "https://docs.oracle.com/en-us/iaas/Content/Events/home.htm",
|
|
18
|
+
"Remediation": {
|
|
19
|
+
"Code": {
|
|
20
|
+
"CLI": "oci events rule create --display-name <name> --condition <event-condition> --actions <notification-actions>",
|
|
21
|
+
"NativeIaC": "",
|
|
22
|
+
"Other": "1. Navigate to Observability & Management > Events Service\n2. Create a new rule\n3. Configure the event condition\n4. Add notification action\n5. Save the rule",
|
|
23
|
+
"Terraform": "resource \"oci_events_rule\" \"example\" {\n display_name = \"rule\"\n is_enabled = true\n condition = jsonencode({\n eventType = [\"com.oraclecloud.*\"]\n })\n actions {\n actions {\n action_type = \"ONS\"\n topic_id = var.topic_id\n }\n }\n}"
|
|
24
|
+
},
|
|
25
|
+
"Recommendation": {
|
|
26
|
+
"Text": "Create at least one notification topic and subscription to receive monitoring alerts",
|
|
27
|
+
"Url": "https://hub.prowler.com/check/oci/events_notification_topic_and_subscription_exists"
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
"Categories": [
|
|
31
|
+
"logging",
|
|
32
|
+
"monitoring"
|
|
33
|
+
],
|
|
34
|
+
"DependsOn": [],
|
|
35
|
+
"RelatedTo": [],
|
|
36
|
+
"Notes": ""
|
|
37
|
+
}
|
|
@@ -0,0 +1,53 @@
|
|
|
1
|
+
"""Check Create at least one notification topic and subscription to receive monitoring alerts."""
|
|
2
|
+
|
|
3
|
+
from prowler.lib.check.models import Check, Check_Report_OCI
|
|
4
|
+
from prowler.providers.oraclecloud.services.events.events_client import events_client
|
|
5
|
+
|
|
6
|
+
|
|
7
|
+
class events_notification_topic_and_subscription_exists(Check):
|
|
8
|
+
"""Check Create at least one notification topic and subscription to receive monitoring alerts."""
|
|
9
|
+
|
|
10
|
+
def execute(self) -> Check_Report_OCI:
|
|
11
|
+
"""Execute the events_notification_topic_and_subscription_exists check."""
|
|
12
|
+
findings = []
|
|
13
|
+
|
|
14
|
+
# Check if at least one topic with subscriptions exists
|
|
15
|
+
has_topic_with_subscription = any(
|
|
16
|
+
len(topic.subscriptions) > 0 for topic in events_client.topics
|
|
17
|
+
)
|
|
18
|
+
|
|
19
|
+
# Create a single report for tenancy-level check
|
|
20
|
+
# Use the first topic's region if available, otherwise use the first audited region
|
|
21
|
+
region = "global"
|
|
22
|
+
if events_client.topics:
|
|
23
|
+
region = events_client.topics[0].region
|
|
24
|
+
elif events_client.audited_regions:
|
|
25
|
+
# audited_regions contains OCIRegion objects, extract the key
|
|
26
|
+
first_region = events_client.audited_regions[0]
|
|
27
|
+
region = (
|
|
28
|
+
first_region.key if hasattr(first_region, "key") else str(first_region)
|
|
29
|
+
)
|
|
30
|
+
|
|
31
|
+
report = Check_Report_OCI(
|
|
32
|
+
metadata=self.metadata(),
|
|
33
|
+
resource={},
|
|
34
|
+
region=region,
|
|
35
|
+
resource_name="Notification Service",
|
|
36
|
+
resource_id=events_client.audited_tenancy,
|
|
37
|
+
compartment_id=events_client.audited_tenancy,
|
|
38
|
+
)
|
|
39
|
+
|
|
40
|
+
if has_topic_with_subscription:
|
|
41
|
+
report.status = "PASS"
|
|
42
|
+
report.status_extended = (
|
|
43
|
+
"At least one notification topic with active subscriptions exists."
|
|
44
|
+
)
|
|
45
|
+
else:
|
|
46
|
+
report.status = "FAIL"
|
|
47
|
+
report.status_extended = (
|
|
48
|
+
"No notification topics with active subscriptions found."
|
|
49
|
+
)
|
|
50
|
+
|
|
51
|
+
findings.append(report)
|
|
52
|
+
|
|
53
|
+
return findings
|
|
File without changes
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "oci",
|
|
3
|
+
"CheckID": "events_rule_cloudguard_problems",
|
|
4
|
+
"CheckTitle": "Ensure a notification is configured for Oracle Cloud Guard problems detected",
|
|
5
|
+
"CheckType": [
|
|
6
|
+
"Software and Configuration Checks",
|
|
7
|
+
"Industry and Regulatory Standards",
|
|
8
|
+
"CIS OCI Foundations Benchmark"
|
|
9
|
+
],
|
|
10
|
+
"ServiceName": "events",
|
|
11
|
+
"SubServiceName": "",
|
|
12
|
+
"ResourceIdTemplate": "oci:events:rule",
|
|
13
|
+
"Severity": "medium",
|
|
14
|
+
"ResourceType": "OciEventRule",
|
|
15
|
+
"Description": "Ensure a notification is configured for Oracle Cloud Guard problems detected",
|
|
16
|
+
"Risk": "Without Cloud Guard, security threats may not be detected and remediated.",
|
|
17
|
+
"RelatedUrl": "https://docs.oracle.com/en-us/iaas/cloud-guard/home.htm",
|
|
18
|
+
"Remediation": {
|
|
19
|
+
"Code": {
|
|
20
|
+
"CLI": "oci cloud-guard configuration update --compartment-id <tenancy-ocid> --status ENABLED --reporting-region <region>",
|
|
21
|
+
"NativeIaC": "",
|
|
22
|
+
"Other": "1. Navigate to Security > Cloud Guard\n2. Enable Cloud Guard\n3. Select reporting region\n4. Configure detectors and responders",
|
|
23
|
+
"Terraform": "resource \"oci_cloud_guard_cloud_guard_configuration\" \"example\" {\n compartment_id = var.tenancy_ocid\n reporting_region = var.region\n status = \"ENABLED\"\n}"
|
|
24
|
+
},
|
|
25
|
+
"Recommendation": {
|
|
26
|
+
"Text": "Ensure a notification is configured for Oracle Cloud Guard problems detected",
|
|
27
|
+
"Url": "https://hub.prowler.com/check/oci/cloudguard_notification_configured"
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
"Categories": [
|
|
31
|
+
"monitoring"
|
|
32
|
+
],
|
|
33
|
+
"DependsOn": [],
|
|
34
|
+
"RelatedTo": [],
|
|
35
|
+
"Notes": ""
|
|
36
|
+
}
|
|
@@ -0,0 +1,90 @@
|
|
|
1
|
+
"""Check Ensure a notification is configured for Oracle Cloud Guard problems detected."""
|
|
2
|
+
|
|
3
|
+
from prowler.lib.check.models import Check, Check_Report_OCI
|
|
4
|
+
from prowler.providers.oraclecloud.services.cloudguard.cloudguard_client import (
|
|
5
|
+
cloudguard_client,
|
|
6
|
+
)
|
|
7
|
+
from prowler.providers.oraclecloud.services.events.events_client import events_client
|
|
8
|
+
from prowler.providers.oraclecloud.services.events.lib.helpers import (
|
|
9
|
+
check_event_rule_has_notification_actions,
|
|
10
|
+
filter_rules_by_event_types,
|
|
11
|
+
)
|
|
12
|
+
|
|
13
|
+
|
|
14
|
+
class events_rule_cloudguard_problems(Check):
|
|
15
|
+
"""Check Ensure a notification is configured for Oracle Cloud Guard problems detected."""
|
|
16
|
+
|
|
17
|
+
def execute(self) -> Check_Report_OCI:
|
|
18
|
+
"""Execute the events_rule_cloudguard_problems check."""
|
|
19
|
+
findings = []
|
|
20
|
+
|
|
21
|
+
# Required event types for Cloud Guard notifications
|
|
22
|
+
required_event_types = [
|
|
23
|
+
"com.oraclecloud.cloudguard.problemdetected",
|
|
24
|
+
"com.oraclecloud.cloudguard.problemdismissed",
|
|
25
|
+
"com.oraclecloud.cloudguard.problemremediated",
|
|
26
|
+
]
|
|
27
|
+
|
|
28
|
+
# Get Cloud Guard reporting region (if Cloud Guard is configured)
|
|
29
|
+
reporting_region = None
|
|
30
|
+
if cloudguard_client.configuration:
|
|
31
|
+
reporting_region = cloudguard_client.configuration.reporting_region
|
|
32
|
+
|
|
33
|
+
# Filter rules that monitor Cloud Guard problems
|
|
34
|
+
matching_rules = filter_rules_by_event_types(
|
|
35
|
+
events_client.rules, required_event_types
|
|
36
|
+
)
|
|
37
|
+
|
|
38
|
+
# If reporting region is set, filter rules to only those in that region
|
|
39
|
+
if reporting_region:
|
|
40
|
+
matching_rules = [
|
|
41
|
+
(rule, condition)
|
|
42
|
+
for rule, condition in matching_rules
|
|
43
|
+
if rule.region == reporting_region
|
|
44
|
+
]
|
|
45
|
+
|
|
46
|
+
# Create findings for each matching rule
|
|
47
|
+
for rule, _ in matching_rules:
|
|
48
|
+
report = Check_Report_OCI(
|
|
49
|
+
metadata=self.metadata(),
|
|
50
|
+
resource=rule,
|
|
51
|
+
region=rule.region,
|
|
52
|
+
resource_name=rule.name,
|
|
53
|
+
resource_id=rule.id,
|
|
54
|
+
compartment_id=rule.compartment_id,
|
|
55
|
+
)
|
|
56
|
+
|
|
57
|
+
# Check if the rule has notification actions
|
|
58
|
+
if check_event_rule_has_notification_actions(rule):
|
|
59
|
+
report.status = "PASS"
|
|
60
|
+
report.status_extended = f"Event rule '{rule.name}' is configured to monitor Cloud Guard problems with notifications."
|
|
61
|
+
if reporting_region:
|
|
62
|
+
report.status_extended += (
|
|
63
|
+
f" (Cloud Guard reporting region: {reporting_region})"
|
|
64
|
+
)
|
|
65
|
+
else:
|
|
66
|
+
report.status = "FAIL"
|
|
67
|
+
report.status_extended = f"Event rule '{rule.name}' monitors Cloud Guard problems but does not have notification actions configured."
|
|
68
|
+
|
|
69
|
+
findings.append(report)
|
|
70
|
+
|
|
71
|
+
# If no matching rules found, create a single FAIL finding
|
|
72
|
+
if not findings:
|
|
73
|
+
report = Check_Report_OCI(
|
|
74
|
+
metadata=self.metadata(),
|
|
75
|
+
resource={},
|
|
76
|
+
region=reporting_region if reporting_region else "global",
|
|
77
|
+
resource_name="Cloud Guard Problem Notifications",
|
|
78
|
+
resource_id=events_client.audited_tenancy,
|
|
79
|
+
compartment_id=events_client.audited_tenancy,
|
|
80
|
+
)
|
|
81
|
+
report.status = "FAIL"
|
|
82
|
+
region_note = (
|
|
83
|
+
f" in Cloud Guard reporting region '{reporting_region}'"
|
|
84
|
+
if reporting_region
|
|
85
|
+
else ""
|
|
86
|
+
)
|
|
87
|
+
report.status_extended = f"No event rules configured{region_note} to monitor Cloud Guard problems (detected, dismissed, remediated)."
|
|
88
|
+
findings.append(report)
|
|
89
|
+
|
|
90
|
+
return findings
|
|
File without changes
|
|
@@ -0,0 +1,37 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "oci",
|
|
3
|
+
"CheckID": "events_rule_iam_group_changes",
|
|
4
|
+
"CheckTitle": "Ensure a notification is configured for IAM group changes",
|
|
5
|
+
"CheckType": [
|
|
6
|
+
"Software and Configuration Checks",
|
|
7
|
+
"Industry and Regulatory Standards",
|
|
8
|
+
"CIS OCI Foundations Benchmark"
|
|
9
|
+
],
|
|
10
|
+
"ServiceName": "events",
|
|
11
|
+
"SubServiceName": "",
|
|
12
|
+
"ResourceIdTemplate": "oci:events:rule",
|
|
13
|
+
"Severity": "medium",
|
|
14
|
+
"ResourceType": "OciEventsRule",
|
|
15
|
+
"Description": "Event rules should be configured to notify on IAM group changes.",
|
|
16
|
+
"Risk": "Without proper event monitoring, security-relevant changes may go unnoticed.",
|
|
17
|
+
"RelatedUrl": "https://docs.oracle.com/en-us/iaas/Content/Events/home.htm",
|
|
18
|
+
"Remediation": {
|
|
19
|
+
"Code": {
|
|
20
|
+
"CLI": "oci events rule create --display-name <name> --condition <event-condition> --actions <notification-actions>",
|
|
21
|
+
"NativeIaC": "",
|
|
22
|
+
"Other": "1. Navigate to Observability & Management > Events Service\n2. Create a new rule\n3. Configure the event condition\n4. Add notification action\n5. Save the rule",
|
|
23
|
+
"Terraform": "resource \"oci_events_rule\" \"example\" {\n display_name = \"rule\"\n is_enabled = true\n condition = jsonencode({\n eventType = [\"com.oraclecloud.*\"]\n })\n actions {\n actions {\n action_type = \"ONS\"\n topic_id = var.topic_id\n }\n }\n}"
|
|
24
|
+
},
|
|
25
|
+
"Recommendation": {
|
|
26
|
+
"Text": "Ensure a notification is configured for IAM group changes",
|
|
27
|
+
"Url": "https://hub.prowler.com/check/oci/events_rule_iam_group_changes"
|
|
28
|
+
}
|
|
29
|
+
},
|
|
30
|
+
"Categories": [
|
|
31
|
+
"logging",
|
|
32
|
+
"monitoring"
|
|
33
|
+
],
|
|
34
|
+
"DependsOn": [],
|
|
35
|
+
"RelatedTo": [],
|
|
36
|
+
"Notes": ""
|
|
37
|
+
}
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
"""Check Ensure a notification is configured for IAM group changes."""
|
|
2
|
+
|
|
3
|
+
from prowler.lib.check.models import Check, Check_Report_OCI
|
|
4
|
+
from prowler.providers.oraclecloud.services.events.events_client import events_client
|
|
5
|
+
from prowler.providers.oraclecloud.services.events.lib.helpers import (
|
|
6
|
+
check_event_rule_has_notification_actions,
|
|
7
|
+
filter_rules_by_event_types,
|
|
8
|
+
)
|
|
9
|
+
|
|
10
|
+
|
|
11
|
+
class events_rule_iam_group_changes(Check):
|
|
12
|
+
"""Check Ensure a notification is configured for IAM group changes."""
|
|
13
|
+
|
|
14
|
+
def execute(self) -> Check_Report_OCI:
|
|
15
|
+
"""Execute the events_rule_iam_group_changes check."""
|
|
16
|
+
findings = []
|
|
17
|
+
|
|
18
|
+
# Required event types for IAM group changes
|
|
19
|
+
required_event_types = [
|
|
20
|
+
"com.oraclecloud.identitycontrolplane.creategroup",
|
|
21
|
+
"com.oraclecloud.identitycontrolplane.deletegroup",
|
|
22
|
+
"com.oraclecloud.identitycontrolplane.updategroup",
|
|
23
|
+
]
|
|
24
|
+
|
|
25
|
+
# Filter rules that monitor IAM group changes
|
|
26
|
+
matching_rules = filter_rules_by_event_types(
|
|
27
|
+
events_client.rules, required_event_types
|
|
28
|
+
)
|
|
29
|
+
|
|
30
|
+
# Create findings for each matching rule
|
|
31
|
+
for rule, _ in matching_rules:
|
|
32
|
+
report = Check_Report_OCI(
|
|
33
|
+
metadata=self.metadata(),
|
|
34
|
+
resource=rule,
|
|
35
|
+
region=rule.region,
|
|
36
|
+
resource_name=rule.name,
|
|
37
|
+
resource_id=rule.id,
|
|
38
|
+
compartment_id=rule.compartment_id,
|
|
39
|
+
)
|
|
40
|
+
|
|
41
|
+
# Check if the rule has notification actions
|
|
42
|
+
if check_event_rule_has_notification_actions(rule):
|
|
43
|
+
report.status = "PASS"
|
|
44
|
+
report.status_extended = f"Event rule '{rule.name}' is configured to monitor IAM group changes with notifications."
|
|
45
|
+
else:
|
|
46
|
+
report.status = "FAIL"
|
|
47
|
+
report.status_extended = f"Event rule '{rule.name}' monitors IAM group changes but does not have notification actions configured."
|
|
48
|
+
|
|
49
|
+
findings.append(report)
|
|
50
|
+
|
|
51
|
+
# If no matching rules found, create a single FAIL finding
|
|
52
|
+
if not findings:
|
|
53
|
+
report = Check_Report_OCI(
|
|
54
|
+
metadata=self.metadata(),
|
|
55
|
+
resource={},
|
|
56
|
+
region="global",
|
|
57
|
+
resource_name="IAM Group Changes Event Rule",
|
|
58
|
+
resource_id=events_client.audited_tenancy,
|
|
59
|
+
compartment_id=events_client.audited_tenancy,
|
|
60
|
+
)
|
|
61
|
+
report.status = "FAIL"
|
|
62
|
+
report.status_extended = (
|
|
63
|
+
"No event rules configured to monitor IAM group changes."
|
|
64
|
+
)
|
|
65
|
+
findings.append(report)
|
|
66
|
+
|
|
67
|
+
return findings
|
|
File without changes
|