prowler-cloud 5.14.1__py3-none-any.whl → 5.15.0__py3-none-any.whl
- dashboard/assets/images/providers/alibabacloud_provider.png +0 -0
- dashboard/compliance/cis_2_0_alibabacloud.py +24 -0
- dashboard/lib/layouts.py +1 -0
- dashboard/pages/compliance.py +8 -2
- dashboard/pages/overview.py +52 -1
- prowler/CHANGELOG.md +59 -20
- prowler/__main__.py +40 -0
- prowler/compliance/alibabacloud/__init__.py +0 -0
- prowler/compliance/alibabacloud/cis_2.0_alibabacloud.json +1833 -0
- prowler/compliance/aws/iso27001_2013_aws.json +158 -158
- prowler/compliance/aws/soc2_aws.json +100 -0
- prowler/compliance/azure/rbi_cyber_security_framework_azure.json +248 -0
- prowler/compliance/azure/soc2_azure.json +87 -1
- prowler/compliance/gcp/soc2_gcp.json +82 -1
- prowler/config/config.py +2 -1
- prowler/lib/check/check.py +47 -1
- prowler/lib/check/models.py +23 -0
- prowler/lib/check/utils.py +1 -1
- prowler/lib/cli/parser.py +3 -2
- prowler/lib/outputs/compliance/cis/cis_alibabacloud.py +106 -0
- prowler/lib/outputs/compliance/cis/models.py +35 -0
- prowler/lib/outputs/finding.py +16 -0
- prowler/lib/outputs/html/html.py +67 -0
- prowler/lib/outputs/outputs.py +2 -0
- prowler/lib/outputs/summary_table.py +3 -0
- prowler/providers/alibabacloud/__init__.py +0 -0
- prowler/providers/alibabacloud/alibabacloud_provider.py +872 -0
- prowler/providers/alibabacloud/config.py +41 -0
- prowler/providers/alibabacloud/exceptions/__init__.py +0 -0
- prowler/providers/alibabacloud/exceptions/exceptions.py +116 -0
- prowler/providers/alibabacloud/lib/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/arguments/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/arguments/arguments.py +58 -0
- prowler/providers/alibabacloud/lib/mutelist/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/mutelist/mutelist.py +175 -0
- prowler/providers/alibabacloud/lib/service/__init__.py +0 -0
- prowler/providers/alibabacloud/lib/service/service.py +113 -0
- prowler/providers/alibabacloud/models.py +266 -0
- prowler/providers/alibabacloud/services/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_client.py +6 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_multi_region_enabled/actiontrail_multi_region_enabled.py +81 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.metadata.json +40 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_oss_bucket_not_publicly_accessible/actiontrail_oss_bucket_not_publicly_accessible.py +119 -0
- prowler/providers/alibabacloud/services/actiontrail/actiontrail_service.py +110 -0
- prowler/providers/alibabacloud/services/cs/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_client.py +4 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cloudmonitor_enabled/cs_kubernetes_cloudmonitor_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_recent/cs_kubernetes_cluster_check_recent.py +62 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.metadata.json +38 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_cluster_check_weekly/cs_kubernetes_cluster_check_weekly.py +62 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_dashboard_disabled/cs_kubernetes_dashboard_disabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_eni_multiple_ip_enabled/cs_kubernetes_eni_multiple_ip_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.metadata.json +40 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_log_service_enabled/cs_kubernetes_log_service_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_network_policy_enabled/cs_kubernetes_network_policy_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_private_cluster_enabled/cs_kubernetes_private_cluster_enabled.py +26 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.metadata.json +40 -0
- prowler/providers/alibabacloud/services/cs/cs_kubernetes_rbac_enabled/cs_kubernetes_rbac_enabled.py +28 -0
- prowler/providers/alibabacloud/services/cs/cs_service.py +354 -0
- prowler/providers/alibabacloud/services/ecs/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_attached_disk_encrypted/ecs_attached_disk_encrypted.py +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_client.py +4 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.metadata.json +41 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_endpoint_protection_installed/ecs_instance_endpoint_protection_installed.py +47 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_latest_os_patches_applied/ecs_instance_latest_os_patches_applied.py +50 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_instance_no_legacy_network/ecs_instance_no_legacy_network.py +34 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_rdp_internet/ecs_securitygroup_restrict_rdp_internet.py +68 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ecs/ecs_securitygroup_restrict_ssh_internet/ecs_securitygroup_restrict_ssh_internet.py +68 -0
- prowler/providers/alibabacloud/services/ecs/ecs_service.py +380 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.metadata.json +38 -0
- prowler/providers/alibabacloud/services/ecs/ecs_unattached_disk_encrypted/ecs_unattached_disk_encrypted.py +38 -0
- prowler/providers/alibabacloud/services/ecs/lib/security_groups.py +23 -0
- prowler/providers/alibabacloud/services/oss/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_logging_enabled/oss_bucket_logging_enabled.py +37 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.metadata.json +39 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_not_publicly_accessible/oss_bucket_not_publicly_accessible.py +89 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/oss/oss_bucket_secure_transport_enabled/oss_bucket_secure_transport_enabled.py +87 -0
- prowler/providers/alibabacloud/services/oss/oss_client.py +4 -0
- prowler/providers/alibabacloud/services/oss/oss_service.py +317 -0
- prowler/providers/alibabacloud/services/ram/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_client.py +4 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_no_root_access_key/ram_no_root_access_key.py +33 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_lowercase/ram_password_policy_lowercase.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_login_attempts/ram_password_policy_max_login_attempts.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_max_password_age/ram_password_policy_max_password_age.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_minimum_length/ram_password_policy_minimum_length.py +30 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_number/ram_password_policy_number.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_password_reuse_prevention/ram_password_policy_password_reuse_prevention.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_symbol/ram_password_policy_symbol.py +34 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_password_policy_uppercase/ram_password_policy_uppercase.py +32 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_attached_only_to_group_or_roles/ram_policy_attached_only_to_group_or_roles.py +35 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_policy_no_administrative_privileges/ram_policy_no_administrative_privileges.py +73 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_rotate_access_key_90_days/ram_rotate_access_key_90_days.py +58 -0
- prowler/providers/alibabacloud/services/ram/ram_service.py +478 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_user_console_access_unused/ram_user_console_access_unused.py +56 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/__init__.py +0 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.metadata.json +39 -0
- prowler/providers/alibabacloud/services/ram/ram_user_mfa_enabled_console_access/ram_user_mfa_enabled_console_access.py +36 -0
- prowler/providers/alibabacloud/services/rds/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_client.py +4 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_no_public_access_whitelist/rds_instance_no_public_access_whitelist.py +36 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_connections_enabled/rds_instance_postgresql_log_connections_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_disconnections_enabled/rds_instance_postgresql_log_disconnections_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.metadata.json +38 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_postgresql_log_duration_enabled/rds_instance_postgresql_log_duration_enabled.py +29 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_enabled/rds_instance_sql_audit_enabled.py +32 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_sql_audit_retention/rds_instance_sql_audit_retention.py +41 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_ssl_enabled/rds_instance_ssl_enabled.py +30 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_enabled/rds_instance_tde_enabled.py +32 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/__init__.py +0 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.metadata.json +39 -0
- prowler/providers/alibabacloud/services/rds/rds_instance_tde_key_custom/rds_instance_tde_key_custom.py +38 -0
- prowler/providers/alibabacloud/services/rds/rds_service.py +274 -0
- prowler/providers/alibabacloud/services/securitycenter/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.metadata.json +43 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_advanced_or_enterprise_edition/securitycenter_advanced_or_enterprise_edition.py +48 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.metadata.json +42 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_all_assets_agent_installed/securitycenter_all_assets_agent_installed.py +48 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_client.py +6 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.metadata.json +42 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_notification_enabled_high_risk/securitycenter_notification_enabled_high_risk.py +65 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_service.py +394 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/securitycenter/securitycenter_vulnerability_scan_enabled/securitycenter_vulnerability_scan_enabled.py +68 -0
- prowler/providers/alibabacloud/services/sls/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_client.py +4 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_cloud_firewall_changes_alert_enabled/sls_cloud_firewall_changes_alert_enabled.py +50 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_customer_created_cmk_changes_alert_enabled/sls_customer_created_cmk_changes_alert_enabled.py +48 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.metadata.json +38 -0
- prowler/providers/alibabacloud/services/sls/sls_logstore_retention_period/sls_logstore_retention_period.py +32 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_authentication_failures_alert_enabled/sls_management_console_authentication_failures_alert_enabled.py +44 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_management_console_signin_without_mfa_alert_enabled/sls_management_console_signin_without_mfa_alert_enabled.py +49 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_bucket_policy_changes_alert_enabled/sls_oss_bucket_policy_changes_alert_enabled.py +57 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_oss_permission_changes_alert_enabled/sls_oss_permission_changes_alert_enabled.py +48 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_ram_role_changes_alert_enabled/sls_ram_role_changes_alert_enabled.py +54 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_rds_instance_configuration_changes_alert_enabled/sls_rds_instance_configuration_changes_alert_enabled.py +72 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_root_account_usage_alert_enabled/sls_root_account_usage_alert_enabled.py +50 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_security_group_changes_alert_enabled/sls_security_group_changes_alert_enabled.py +56 -0
- prowler/providers/alibabacloud/services/sls/sls_service.py +137 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_unauthorized_api_calls_alert_enabled/sls_unauthorized_api_calls_alert_enabled.py +56 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_changes_alert_enabled/sls_vpc_changes_alert_enabled.py +57 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/sls/sls_vpc_network_route_changes_alert_enabled/sls_vpc_network_route_changes_alert_enabled.py +52 -0
- prowler/providers/alibabacloud/services/vpc/__init__.py +0 -0
- prowler/providers/alibabacloud/services/vpc/vpc_client.py +4 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/__init__.py +0 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.metadata.json +39 -0
- prowler/providers/alibabacloud/services/vpc/vpc_flow_logs_enabled/vpc_flow_logs_enabled.py +30 -0
- prowler/providers/alibabacloud/services/vpc/vpc_service.py +102 -0
- prowler/providers/aws/aws_regions_by_service.json +20 -0
- prowler/providers/aws/services/apigateway/apigateway_restapi_waf_acl_attached/apigateway_restapi_waf_acl_attached.metadata.json +1 -3
- prowler/providers/aws/services/cloudtrail/cloudtrail_insights_exist/cloudtrail_insights_exist.metadata.json +1 -1
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_acls_alarm_configured/cloudwatch_changes_to_network_acls_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_gateways_alarm_configured/cloudwatch_changes_to_network_gateways_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_network_route_tables_alarm_configured/cloudwatch_changes_to_network_route_tables_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_changes_to_vpcs_alarm_configured/cloudwatch_changes_to_vpcs_alarm_configured.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_aws_config_configuration_changes_enabled.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled/cloudwatch_log_metric_filter_and_alarm_for_cloudtrail_configuration_changes_enabled.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_authentication_failures/cloudwatch_log_metric_filter_authentication_failures.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_aws_organizations_changes/cloudwatch_log_metric_filter_aws_organizations_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes/cloudwatch_log_metric_filter_for_s3_bucket_policy_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_policy_changes/cloudwatch_log_metric_filter_policy_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_root_usage/cloudwatch_log_metric_filter_root_usage.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_security_group_changes/cloudwatch_log_metric_filter_security_group_changes.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_sign_in_without_mfa/cloudwatch_log_metric_filter_sign_in_without_mfa.metadata.json +1 -2
- prowler/providers/aws/services/cloudwatch/cloudwatch_log_metric_filter_unauthorized_api_calls/cloudwatch_log_metric_filter_unauthorized_api_calls.metadata.json +0 -1
- prowler/providers/aws/services/guardduty/guardduty_centrally_managed/guardduty_centrally_managed.metadata.json +16 -10
- prowler/providers/aws/services/guardduty/guardduty_ec2_malware_protection_enabled/guardduty_ec2_malware_protection_enabled.metadata.json +23 -14
- prowler/providers/aws/services/guardduty/guardduty_eks_audit_log_enabled/guardduty_eks_audit_log_enabled.metadata.json +19 -13
- prowler/providers/aws/services/guardduty/guardduty_eks_runtime_monitoring_enabled/guardduty_eks_runtime_monitoring_enabled.metadata.json +18 -12
- prowler/providers/aws/services/guardduty/guardduty_is_enabled/guardduty_is_enabled.metadata.json +24 -13
- prowler/providers/aws/services/guardduty/guardduty_lambda_protection_enabled/guardduty_lambda_protection_enabled.metadata.json +20 -14
- prowler/providers/aws/services/guardduty/guardduty_no_high_severity_findings/guardduty_no_high_severity_findings.metadata.json +18 -9
- prowler/providers/aws/services/guardduty/guardduty_rds_protection_enabled/guardduty_rds_protection_enabled.metadata.json +18 -11
- prowler/providers/aws/services/guardduty/guardduty_s3_protection_enabled/guardduty_s3_protection_enabled.metadata.json +21 -12
- prowler/providers/aws/services/lightsail/lightsail_database_public/lightsail_database_public.metadata.json +21 -13
- prowler/providers/aws/services/lightsail/lightsail_instance_automated_snapshots/lightsail_instance_automated_snapshots.metadata.json +24 -13
- prowler/providers/aws/services/lightsail/lightsail_instance_public/lightsail_instance_public.metadata.json +21 -13
- prowler/providers/aws/services/lightsail/lightsail_static_ip_unused/lightsail_static_ip_unused.metadata.json +23 -14
- prowler/providers/aws/services/macie/macie_automated_sensitive_data_discovery_enabled/macie_automated_sensitive_data_discovery_enabled.metadata.json +20 -12
- prowler/providers/aws/services/macie/macie_is_enabled/macie_is_enabled.metadata.json +17 -12
- prowler/providers/aws/services/mq/mq_broker_active_deployment_mode/mq_broker_active_deployment_mode.metadata.json +22 -13
- prowler/providers/aws/services/mq/mq_broker_auto_minor_version_upgrades/mq_broker_auto_minor_version_upgrades.metadata.json +21 -12
- prowler/providers/aws/services/mq/mq_broker_cluster_deployment_mode/mq_broker_cluster_deployment_mode.metadata.json +23 -14
- prowler/providers/aws/services/mq/mq_broker_logging_enabled/mq_broker_logging_enabled.metadata.json +22 -13
- prowler/providers/aws/services/mq/mq_broker_not_publicly_accessible/mq_broker_not_publicly_accessible.metadata.json +20 -12
- prowler/providers/aws/services/networkfirewall/networkfirewall_deletion_protection/networkfirewall_deletion_protection.metadata.json +21 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_in_all_vpc/networkfirewall_in_all_vpc.metadata.json +23 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_logging_enabled/networkfirewall_logging_enabled.metadata.json +20 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_multi_az/networkfirewall_multi_az.metadata.json +22 -14
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_fragmented_packets/networkfirewall_policy_default_action_fragmented_packets.metadata.json +26 -14
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_default_action_full_packets/networkfirewall_policy_default_action_full_packets.metadata.json +22 -13
- prowler/providers/aws/services/networkfirewall/networkfirewall_policy_rule_group_associated/networkfirewall_policy_rule_group_associated.metadata.json +25 -14
- prowler/providers/common/provider.py +12 -0
- prowler/providers/gcp/services/accesscontextmanager/__init__.py +0 -0
- prowler/providers/gcp/services/accesscontextmanager/accesscontextmanager_client.py +6 -0
- prowler/providers/gcp/services/accesscontextmanager/accesscontextmanager_service.py +101 -0
- prowler/providers/gcp/services/cloudresourcemanager/cloudresourcemanager_service.py +10 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_service.py +13 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/__init__.py +0 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.metadata.json +36 -0
- prowler/providers/gcp/services/cloudstorage/cloudstorage_uses_vpc_service_controls/cloudstorage_uses_vpc_service_controls.py +67 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_automatic_restart_enabled/compute_instance_automatic_restart_enabled.py +35 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.metadata.json +36 -0
- prowler/providers/gcp/services/compute/compute_instance_deletion_protection_enabled/compute_instance_deletion_protection_enabled.py +29 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/__init__.py +0 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.metadata.json +37 -0
- prowler/providers/gcp/services/compute/compute_instance_preemptible_vm_disabled/compute_instance_preemptible_vm_disabled.py +32 -0
- prowler/providers/gcp/services/compute/compute_service.py +16 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/__init__.py +0 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.metadata.json +33 -0
- prowler/providers/github/services/repository/repository_immutable_releases_enabled/repository_immutable_releases_enabled.py +41 -0
- prowler/providers/github/services/repository/repository_service.py +52 -0
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/METADATA +40 -22
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/RECORD +326 -73
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/LICENSE +0 -0
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/WHEEL +0 -0
- {prowler_cloud-5.14.1.dist-info → prowler_cloud-5.15.0.dist-info}/entry_points.txt +0 -0
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
from prowler.lib.check.models import Check, CheckReportAlibabaCloud
|
|
2
|
+
from prowler.providers.alibabacloud.services.sls.sls_client import sls_client
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class sls_vpc_network_route_changes_alert_enabled(Check):
|
|
6
|
+
def execute(self) -> list[CheckReportAlibabaCloud]:
|
|
7
|
+
findings = []
|
|
8
|
+
found = False
|
|
9
|
+
|
|
10
|
+
for alert in sls_client.alerts:
|
|
11
|
+
query_list = alert.configuration.get("queryList", [])
|
|
12
|
+
if not query_list:
|
|
13
|
+
continue
|
|
14
|
+
|
|
15
|
+
for query_obj in query_list:
|
|
16
|
+
query = query_obj.get("query", "")
|
|
17
|
+
if ("Ecs" in query or "Vpc" in query) and (
|
|
18
|
+
"CreateRouteEntry" in query
|
|
19
|
+
or "DeleteRouteEntry" in query
|
|
20
|
+
or "ModifyRouteEntry" in query
|
|
21
|
+
or "AssociateRouteTable" in query
|
|
22
|
+
or "UnassociateRouteTable" in query
|
|
23
|
+
):
|
|
24
|
+
found = True
|
|
25
|
+
report = CheckReportAlibabaCloud(
|
|
26
|
+
metadata=self.metadata(), resource=alert
|
|
27
|
+
)
|
|
28
|
+
report.status = "PASS"
|
|
29
|
+
report.status_extended = f"SLS Alert {alert.name} is configured for VPC network route changes."
|
|
30
|
+
report.resource_id = alert.name
|
|
31
|
+
report.resource_arn = alert.arn
|
|
32
|
+
report.region = alert.region
|
|
33
|
+
findings.append(report)
|
|
34
|
+
break
|
|
35
|
+
|
|
36
|
+
if found:
|
|
37
|
+
break
|
|
38
|
+
|
|
39
|
+
if not found:
|
|
40
|
+
report = CheckReportAlibabaCloud(
|
|
41
|
+
metadata=self.metadata(), resource=sls_client.provider.identity
|
|
42
|
+
)
|
|
43
|
+
report.status = "FAIL"
|
|
44
|
+
report.status_extended = (
|
|
45
|
+
"No SLS Alert configured for VPC network route changes."
|
|
46
|
+
)
|
|
47
|
+
report.resource_id = sls_client.audited_account
|
|
48
|
+
report.resource_arn = sls_client.provider.identity.identity_arn
|
|
49
|
+
report.region = sls_client.region
|
|
50
|
+
findings.append(report)
|
|
51
|
+
|
|
52
|
+
return findings
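Review bot: The condition on new lines 17–23 reports PASS as soon as one alert query contains `Ecs` or `Vpc` plus any one of the five route event names as a plain substring, so an alert that watches only `CreateRouteEntry` (or merely mentions it, for example inside a negated clause) satisfies the check while deletions, modifications and route-table associations go unmonitored. If the control is meant to cover all five events, collect them in a tuple and require `all(event in query for event in ROUTE_EVENTS)`, or at least name the matched events in `status_extended`. Nothing visible here checks that the alert is enabled or has a notification target, so a disabled alert would presumably also pass; confirm whether the `alert` objects expose a state field. The class also lacks the one-line docstring that the other new check `vpc_flow_logs_enabled` carries, e.g. `"""Check if an SLS alert covers VPC network route changes."""`.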
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
{
|
|
2
|
+
"Provider": "alibabacloud",
|
|
3
|
+
"CheckID": "vpc_flow_logs_enabled",
|
|
4
|
+
"CheckTitle": "VPC flow logging is enabled in all VPCs",
|
|
5
|
+
"CheckType": [
|
|
6
|
+
"Suspicious network connection",
|
|
7
|
+
"Cloud threat detection"
|
|
8
|
+
],
|
|
9
|
+
"ServiceName": "vpc",
|
|
10
|
+
"SubServiceName": "",
|
|
11
|
+
"ResourceIdTemplate": "acs:vpc:region:account-id:vpc/{vpc-id}",
|
|
12
|
+
"Severity": "medium",
|
|
13
|
+
"ResourceType": "AlibabaCloudVPC",
|
|
14
|
+
"Description": "You can use the **flow log function** to monitor the IP traffic information for an ENI, a VSwitch, or a VPC.\n\nIf you create a flow log for a VSwitch or a VPC, all the **Elastic Network Interfaces**, including the newly created ones, are monitored. Such flow log data is stored in **Log Service**, where you can view and analyze IP traffic information. It is recommended that VPC Flow Logs be enabled for packet \"Rejects\" for VPCs.",
|
|
15
|
+
"Risk": "**VPC Flow Logs** provide visibility into network traffic that traverses the VPC and can be used to detect **anomalous traffic** or provide insight during security workflows.\n\nWithout flow logs, it is difficult to investigate network-based security incidents.",
|
|
16
|
+
"RelatedUrl": "",
|
|
17
|
+
"AdditionalURLs": [
|
|
18
|
+
"https://www.alibabacloud.com/help/doc-detail/90628.html",
|
|
19
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/alibaba-cloud/AlibabaCloud-VPC/enable-flow-logs.html"
|
|
20
|
+
],
|
|
21
|
+
"Remediation": {
|
|
22
|
+
"Code": {
|
|
23
|
+
"CLI": "aliyun vpc CreateFlowLog --ResourceId <vpc_id> --ResourceType VPC --FlowLogName <flow_log_name> --LogStoreName <log_store_name> --ProjectName <project_name>",
|
|
24
|
+
"NativeIaC": "",
|
|
25
|
+
"Other": "",
|
|
26
|
+
"Terraform": "resource \"alicloud_vpc_flow_log\" \"example\" {\n flow_log_name = \"example-flow-log\"\n resource_type = \"VPC\"\n resource_id = alicloud_vpc.example.id\n traffic_type = \"All\"\n project_name = alicloud_log_project.example.project_name\n log_store_name = alicloud_log_store.example.logstore_name\n}"
|
|
27
|
+
},
|
|
28
|
+
"Recommendation": {
|
|
29
|
+
"Text": "1. Log on to the **VPC Console**\n2. In the left-side navigation pane, click **FlowLog**\n3. Follow the instructions to create FlowLog for each of your VPCs",
|
|
30
|
+
"Url": "https://hub.prowler.com/check/vpc_flow_logs_enabled"
|
|
31
|
+
}
|
|
32
|
+
},
|
|
33
|
+
"Categories": [
|
|
34
|
+
"logging"
|
|
35
|
+
],
|
|
36
|
+
"DependsOn": [],
|
|
37
|
+
"RelatedTo": [],
|
|
38
|
+
"Notes": ""
|
|
39
|
+
}
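Review bot: The `Description` recommends capturing rejected packets, but the `CLI` remediation on new line 23 passes no `--TrafficType` and the Terraform sample on new line 26 uses `traffic_type = "All"`, so the three values disagree about what must be logged. State the intended traffic type once and use it in both samples, e.g. append `--TrafficType All` to the CLI string. The word "Rejects" also reads as carried over from another provider's wording; the Alibaba Cloud flow-log traffic types are, as far as I know, `All`, `Allow` and `Drop`, so the description would be clearer if it named `Drop`.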
|
|
@@ -0,0 +1,30 @@
|
|
|
1
|
+
from prowler.lib.check.models import Check, CheckReportAlibabaCloud
|
|
2
|
+
from prowler.providers.alibabacloud.services.vpc.vpc_client import vpc_client
|
|
3
|
+
|
|
4
|
+
|
|
5
|
+
class vpc_flow_logs_enabled(Check):
|
|
6
|
+
"""Check if VPC flow logging is enabled in all VPCs."""
|
|
7
|
+
|
|
8
|
+
def execute(self) -> list[CheckReportAlibabaCloud]:
|
|
9
|
+
findings = []
|
|
10
|
+
|
|
11
|
+
for vpc in vpc_client.vpcs.values():
|
|
12
|
+
report = CheckReportAlibabaCloud(metadata=self.metadata(), resource=vpc)
|
|
13
|
+
report.region = vpc.region
|
|
14
|
+
report.resource_id = vpc.id
|
|
15
|
+
report.resource_arn = (
|
|
16
|
+
f"acs:vpc:{vpc.region}:{vpc_client.audited_account}:vpc/{vpc.id}"
|
|
17
|
+
)
|
|
18
|
+
|
|
19
|
+
if vpc.flow_log_enabled:
|
|
20
|
+
report.status = "PASS"
|
|
21
|
+
report.status_extended = (
|
|
22
|
+
f"VPC {vpc.name if vpc.name else vpc.id} has flow logs enabled."
|
|
23
|
+
)
|
|
24
|
+
else:
|
|
25
|
+
report.status = "FAIL"
|
|
26
|
+
report.status_extended = f"VPC {vpc.name if vpc.name else vpc.id} does not have flow logs enabled."
|
|
27
|
+
|
|
28
|
+
findings.append(report)
|
|
29
|
+
|
|
30
|
+
return findings
|
|
@@ -0,0 +1,102 @@
|
|
|
1
|
+
from datetime import datetime
|
|
2
|
+
from typing import Optional
|
|
3
|
+
|
|
4
|
+
from alibabacloud_vpc20160428 import models as vpc_models
|
|
5
|
+
from pydantic.v1 import BaseModel
|
|
6
|
+
|
|
7
|
+
from prowler.lib.logger import logger
|
|
8
|
+
from prowler.lib.scan_filters.scan_filters import is_resource_filtered
|
|
9
|
+
from prowler.providers.alibabacloud.lib.service.service import AlibabaCloudService
|
|
10
|
+
|
|
11
|
+
|
|
12
|
+
class VPC(AlibabaCloudService):
|
|
13
|
+
"""
|
|
14
|
+
VPC (Virtual Private Cloud) service class for Alibaba Cloud.
|
|
15
|
+
|
|
16
|
+
This class provides methods to interact with Alibaba Cloud VPC service
|
|
17
|
+
to retrieve VPCs, flow logs, etc.
|
|
18
|
+
"""
|
|
19
|
+
|
|
20
|
+
def __init__(self, provider):
|
|
21
|
+
# Call AlibabaCloudService's __init__
|
|
22
|
+
super().__init__(__class__.__name__, provider, global_service=False)
|
|
23
|
+
|
|
24
|
+
# Fetch VPC resources
|
|
25
|
+
self.vpcs = {}
|
|
26
|
+
self.__threading_call__(self._describe_vpcs)
|
|
27
|
+
self._describe_flow_logs()
|
|
28
|
+
|
|
29
|
+
def _describe_vpcs(self, regional_client):
|
|
30
|
+
"""List all VPCs in the region."""
|
|
31
|
+
region = getattr(regional_client, "region", "unknown")
|
|
32
|
+
logger.info(f"VPC - Describing VPCs in {region}...")
|
|
33
|
+
|
|
34
|
+
try:
|
|
35
|
+
request = vpc_models.DescribeVpcsRequest()
|
|
36
|
+
response = regional_client.describe_vpcs(request)
|
|
37
|
+
|
|
38
|
+
if response and response.body and response.body.vpcs:
|
|
39
|
+
for vpc_data in response.body.vpcs.vpc:
|
|
40
|
+
if not self.audit_resources or is_resource_filtered(
|
|
41
|
+
vpc_data.vpc_id, self.audit_resources
|
|
42
|
+
):
|
|
43
|
+
vpc_id = vpc_data.vpc_id
|
|
44
|
+
self.vpcs[vpc_id] = VPCs(
|
|
45
|
+
id=vpc_id,
|
|
46
|
+
name=getattr(vpc_data, "vpc_name", vpc_id),
|
|
47
|
+
region=region,
|
|
48
|
+
cidr_block=getattr(vpc_data, "cidr_block", ""),
|
|
49
|
+
description=getattr(vpc_data, "description", ""),
|
|
50
|
+
create_time=getattr(vpc_data, "creation_time", None),
|
|
51
|
+
is_default=getattr(vpc_data, "is_default", False),
|
|
52
|
+
flow_log_enabled=False, # Will be updated in _describe_flow_logs
|
|
53
|
+
)
|
|
54
|
+
|
|
55
|
+
except Exception as error:
|
|
56
|
+
logger.error(
|
|
57
|
+
f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
58
|
+
)
|
|
59
|
+
|
|
60
|
+
def _describe_flow_logs(self):
|
|
61
|
+
"""Get flow logs for all VPCs."""
|
|
62
|
+
logger.info("VPC - Describing Flow Logs...")
|
|
63
|
+
|
|
64
|
+
for vpc_id, vpc in self.vpcs.items():
|
|
65
|
+
try:
|
|
66
|
+
regional_client = self.regional_clients.get(vpc.region)
|
|
67
|
+
if not regional_client:
|
|
68
|
+
continue
|
|
69
|
+
|
|
70
|
+
request = vpc_models.DescribeFlowLogsRequest()
|
|
71
|
+
request.resource_id = vpc_id
|
|
72
|
+
request.resource_type = "VPC"
|
|
73
|
+
response = regional_client.describe_flow_logs(request)
|
|
74
|
+
|
|
75
|
+
if response and response.body and response.body.flow_logs:
|
|
76
|
+
flow_logs = response.body.flow_logs.flow_log
|
|
77
|
+
if flow_logs:
|
|
78
|
+
# Check if any flow log is active
|
|
79
|
+
for flow_log in flow_logs:
|
|
80
|
+
status = getattr(flow_log, "status", "")
|
|
81
|
+
if status == "Active":
|
|
82
|
+
vpc.flow_log_enabled = True
|
|
83
|
+
break
|
|
84
|
+
|
|
85
|
+
except Exception as error:
|
|
86
|
+
logger.error(
|
|
87
|
+
f"{vpc.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
|
|
88
|
+
)
|
|
89
|
+
|
|
90
|
+
|
|
91
|
+
# Models for VPC service
|
|
92
|
+
class VPCs(BaseModel):
|
|
93
|
+
"""VPC model."""
|
|
94
|
+
|
|
95
|
+
id: str
|
|
96
|
+
name: str
|
|
97
|
+
region: str
|
|
98
|
+
cidr_block: str
|
|
99
|
+
description: str = ""
|
|
100
|
+
create_time: Optional[datetime] = None
|
|
101
|
+
is_default: bool = False
|
|
102
|
+
flow_log_enabled: bool = False
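Review bot: `_describe_vpcs` issues a single `describe_vpcs` call and never advances the page, so in a region holding more VPCs than one response page returns (the API default is small, 10 entries as far as I know) the remaining VPCs are never stored in `self.vpcs` and get no finding at all from `vpc_flow_logs_enabled`. The sketch below loops over pages and assumes the SDK request and response expose `page_number`, `page_size` and `total_count`; confirm against the installed `alibabacloud_vpc20160428` version. Separately, `_describe_flow_logs` logs and swallows every exception while `flow_log_enabled` stays `False`, so a permission or throttling error is reported as a FAIL that looks identical to a VPC with no flow log. The `except` in `_describe_vpcs` also reads `regional_client.region` directly although the `try` body guarded that attribute with `getattr`, so it should log the local `region` instead.

```python
def _describe_vpcs(self, regional_client):
    # … unchanged: region lookup and info log …
    try:
        request = vpc_models.DescribeVpcsRequest(page_number=1, page_size=50)
        while True:
            response = regional_client.describe_vpcs(request)
            if not (response and response.body and response.body.vpcs):
                break
            for vpc_data in response.body.vpcs.vpc or []:
                # … unchanged: audit_resources filter and VPCs(...) construction …
            fetched = request.page_number * request.page_size
            if fetched >= (response.body.total_count or 0):
                break
            request.page_number += 1
    except Exception as error:
        logger.error(
            f"{region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
        )
```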
|
|
@@ -761,11 +761,15 @@
|
|
|
761
761
|
"ap-south-1",
|
|
762
762
|
"ap-southeast-1",
|
|
763
763
|
"ap-southeast-2",
|
|
764
|
+
"ap-southeast-5",
|
|
764
765
|
"ca-central-1",
|
|
765
766
|
"eu-central-1",
|
|
767
|
+
"eu-south-1",
|
|
768
|
+
"eu-south-2",
|
|
766
769
|
"eu-west-1",
|
|
767
770
|
"eu-west-2",
|
|
768
771
|
"eu-west-3",
|
|
772
|
+
"il-central-1",
|
|
769
773
|
"sa-east-1",
|
|
770
774
|
"us-east-1",
|
|
771
775
|
"us-east-2",
|
|
@@ -1379,6 +1383,7 @@
|
|
|
1379
1383
|
"bedrock": {
|
|
1380
1384
|
"regions": {
|
|
1381
1385
|
"aws": [
|
|
1386
|
+
"af-south-1",
|
|
1382
1387
|
"ap-east-2",
|
|
1383
1388
|
"ap-northeast-1",
|
|
1384
1389
|
"ap-northeast-2",
|
|
@@ -1392,6 +1397,7 @@
|
|
|
1392
1397
|
"ap-southeast-5",
|
|
1393
1398
|
"ap-southeast-7",
|
|
1394
1399
|
"ca-central-1",
|
|
1400
|
+
"ca-west-1",
|
|
1395
1401
|
"eu-central-1",
|
|
1396
1402
|
"eu-central-2",
|
|
1397
1403
|
"eu-north-1",
|
|
@@ -1402,6 +1408,8 @@
|
|
|
1402
1408
|
"eu-west-3",
|
|
1403
1409
|
"il-central-1",
|
|
1404
1410
|
"me-central-1",
|
|
1411
|
+
"me-south-1",
|
|
1412
|
+
"mx-central-1",
|
|
1405
1413
|
"sa-east-1",
|
|
1406
1414
|
"us-east-1",
|
|
1407
1415
|
"us-east-2",
|
|
@@ -1418,6 +1426,7 @@
|
|
|
1418
1426
|
"bedrock-agent": {
|
|
1419
1427
|
"regions": {
|
|
1420
1428
|
"aws": [
|
|
1429
|
+
"af-south-1",
|
|
1421
1430
|
"ap-east-2",
|
|
1422
1431
|
"ap-northeast-1",
|
|
1423
1432
|
"ap-northeast-2",
|
|
@@ -1431,6 +1440,7 @@
|
|
|
1431
1440
|
"ap-southeast-5",
|
|
1432
1441
|
"ap-southeast-7",
|
|
1433
1442
|
"ca-central-1",
|
|
1443
|
+
"ca-west-1",
|
|
1434
1444
|
"eu-central-1",
|
|
1435
1445
|
"eu-central-2",
|
|
1436
1446
|
"eu-north-1",
|
|
@@ -1441,6 +1451,8 @@
|
|
|
1441
1451
|
"eu-west-3",
|
|
1442
1452
|
"il-central-1",
|
|
1443
1453
|
"me-central-1",
|
|
1454
|
+
"me-south-1",
|
|
1455
|
+
"mx-central-1",
|
|
1444
1456
|
"sa-east-1",
|
|
1445
1457
|
"us-east-1",
|
|
1446
1458
|
"us-east-2",
|
|
@@ -3595,6 +3607,7 @@
|
|
|
3595
3607
|
"ap-southeast-3",
|
|
3596
3608
|
"ap-southeast-4",
|
|
3597
3609
|
"ap-southeast-5",
|
|
3610
|
+
"ap-southeast-6",
|
|
3598
3611
|
"ap-southeast-7",
|
|
3599
3612
|
"ca-central-1",
|
|
3600
3613
|
"ca-west-1",
|
|
@@ -5551,6 +5564,7 @@
|
|
|
5551
5564
|
"ap-southeast-3",
|
|
5552
5565
|
"ap-southeast-4",
|
|
5553
5566
|
"ap-southeast-5",
|
|
5567
|
+
"ap-southeast-6",
|
|
5554
5568
|
"ap-southeast-7",
|
|
5555
5569
|
"ca-central-1",
|
|
5556
5570
|
"ca-west-1",
|
|
@@ -8459,6 +8473,7 @@
|
|
|
8459
8473
|
"ap-southeast-3",
|
|
8460
8474
|
"ap-southeast-4",
|
|
8461
8475
|
"ap-southeast-5",
|
|
8476
|
+
"ap-southeast-6",
|
|
8462
8477
|
"ap-southeast-7",
|
|
8463
8478
|
"ca-central-1",
|
|
8464
8479
|
"ca-west-1",
|
|
@@ -10696,7 +10711,9 @@
|
|
|
10696
10711
|
"ap-southeast-1",
|
|
10697
10712
|
"ap-southeast-2",
|
|
10698
10713
|
"ap-southeast-3",
|
|
10714
|
+
"ap-southeast-5",
|
|
10699
10715
|
"ca-central-1",
|
|
10716
|
+
"ca-west-1",
|
|
10700
10717
|
"eu-central-1",
|
|
10701
10718
|
"eu-central-2",
|
|
10702
10719
|
"eu-north-1",
|
|
@@ -10732,7 +10749,9 @@
|
|
|
10732
10749
|
"ap-southeast-1",
|
|
10733
10750
|
"ap-southeast-2",
|
|
10734
10751
|
"ap-southeast-3",
|
|
10752
|
+
"ap-southeast-5",
|
|
10735
10753
|
"ca-central-1",
|
|
10754
|
+
"ca-west-1",
|
|
10736
10755
|
"eu-central-1",
|
|
10737
10756
|
"eu-central-2",
|
|
10738
10757
|
"eu-north-1",
|
|
@@ -11239,6 +11258,7 @@
|
|
|
11239
11258
|
"aws": [
|
|
11240
11259
|
"af-south-1",
|
|
11241
11260
|
"ap-east-1",
|
|
11261
|
+
"ap-east-2",
|
|
11242
11262
|
"ap-northeast-1",
|
|
11243
11263
|
"ap-northeast-2",
|
|
11244
11264
|
"ap-northeast-3",
|
|
@@ -1,26 +1,32 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "aws",
|
|
3
3
|
"CheckID": "guardduty_centrally_managed",
|
|
4
|
-
"CheckTitle": "GuardDuty is
|
|
5
|
-
"CheckType": [
|
|
4
|
+
"CheckTitle": "GuardDuty detector is managed by an administrator account or is the administrator with member accounts",
|
|
5
|
+
"CheckType": [
|
|
6
|
+
"Software and Configuration Checks/AWS Security Best Practices",
|
|
7
|
+
"Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices"
|
|
8
|
+
],
|
|
6
9
|
"ServiceName": "guardduty",
|
|
7
10
|
"SubServiceName": "",
|
|
8
|
-
"ResourceIdTemplate": "
|
|
11
|
+
"ResourceIdTemplate": "",
|
|
9
12
|
"Severity": "medium",
|
|
10
13
|
"ResourceType": "AwsGuardDutyDetector",
|
|
11
|
-
"Description": "GuardDuty
|
|
12
|
-
"Risk": "
|
|
13
|
-
"RelatedUrl": "
|
|
14
|
+
"Description": "Amazon GuardDuty detectors are under **centralized management** when linked to a delegated administrator account, or when the detector's account serves as the **administrator** with associated member accounts.",
|
|
15
|
+
"Risk": "Lack of central management fragments **visibility** and slows **incident response** across accounts and regions. Adversaries can persist unnoticed, perform **lateral movement**, exfiltrate data, and alter configurations, harming **confidentiality**, **integrity**, and **availability**.",
|
|
16
|
+
"RelatedUrl": "",
|
|
17
|
+
"AdditionalURLs": [
|
|
18
|
+
"https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_accounts.html"
|
|
19
|
+
],
|
|
14
20
|
"Remediation": {
|
|
15
21
|
"Code": {
|
|
16
|
-
"CLI": "",
|
|
22
|
+
"CLI": "aws guardduty enable-organization-admin-account --admin-account-id <ADMIN_ACCOUNT_ID>",
|
|
17
23
|
"NativeIaC": "",
|
|
18
|
-
"Other": "",
|
|
24
|
+
"Other": "1. Sign in to the AWS Organizations management account\n2. Open the AWS Organizations console\n3. Go to Services > Amazon GuardDuty\n4. Click Register delegated administrator\n5. Enter the admin account ID and click Register",
|
|
19
25
|
"Terraform": ""
|
|
20
26
|
},
|
|
21
27
|
"Recommendation": {
|
|
22
|
-
"Text": "
|
|
23
|
-
"Url": "https://
|
|
28
|
+
"Text": "Designate a **delegated administrator** (preferably via *AWS Organizations*) and enroll all accounts as **members**. Enable auto-enrollment for new accounts, standardize detector settings across required regions, and route findings to central monitoring. Apply **least privilege** and **separation of duties**.",
|
|
29
|
+
"Url": "https://hub.prowler.com/check/guardduty_centrally_managed"
|
|
24
30
|
}
|
|
25
31
|
},
|
|
26
32
|
"Categories": [],
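Review bot: The `CLI` and `Other` remediation values (new lines 22 and 24) stop at registering the delegated administrator, while the new `CheckTitle` says a detector passes only when it has an administrator or is the administrator with member accounts, so following the remediation as written may still leave the finding failing. Add the member-enrollment step to `Other`, for instance `6. In the delegated administrator account, open GuardDuty > Accounts and turn on auto-enable for the organization's accounts`, and note that the command has to be run in each Region where GuardDuty is used. `Categories` is still empty in this revision; if the project has a fitting category for threat-detection checks, setting it would help filtering.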
|
|
@@ -1,32 +1,41 @@
|
|
|
1
1
|
{
|
|
2
2
|
"Provider": "aws",
|
|
3
3
|
"CheckID": "guardduty_ec2_malware_protection_enabled",
|
|
4
|
-
"CheckTitle": "
|
|
4
|
+
"CheckTitle": "GuardDuty detector has Malware Protection for EC2 enabled",
|
|
5
5
|
"CheckType": [
|
|
6
|
-
"Software and Configuration Checks/AWS Security Best Practices"
|
|
6
|
+
"Software and Configuration Checks/AWS Security Best Practices/Runtime Behavior Analysis",
|
|
7
|
+
"Software and Configuration Checks/Industry and Regulatory Standards/AWS Foundational Security Best Practices"
|
|
7
8
|
],
|
|
8
9
|
"ServiceName": "guardduty",
|
|
9
10
|
"SubServiceName": "",
|
|
10
|
-
"ResourceIdTemplate": "
|
|
11
|
+
"ResourceIdTemplate": "",
|
|
11
12
|
"Severity": "high",
|
|
12
13
|
"ResourceType": "AwsGuardDutyDetector",
|
|
13
|
-
"Description": "GuardDuty Malware Protection for EC2
|
|
14
|
-
"Risk": "
|
|
15
|
-
"RelatedUrl": "
|
|
14
|
+
"Description": "**GuardDuty detectors** with **Malware Protection for EC2** enabled perform agentless scans of EBS volumes attached to **EC2 instances** and container workloads. Scans can be triggered by suspicious activity or run on-demand to identify malicious files within restored volume snapshots.",
|
|
15
|
+
"Risk": "Absent this coverage, malware on EC2 or containers can remain **undetected**, enabling:\n- Confidentiality loss via data exfiltration/credential theft\n- Integrity compromise through tampering and backdoors\n- Availability impact from ransomware/cryptominers\n\nPersistence increases **lateral movement** across the environment.",
|
|
16
|
+
"RelatedUrl": "",
|
|
17
|
+
"AdditionalURLs": [
|
|
18
|
+
"https://www.infoq.com/news/2022/08/aws-guardduty-malware-detection/",
|
|
19
|
+
"https://docs.aws.amazon.com/guardduty/latest/ug/malware-protection.html",
|
|
20
|
+
"https://www.trendmicro.com/cloudoneconformity/knowledge-base/aws/GuardDuty/enable-malware-protection-for-ec2.html",
|
|
21
|
+
"https://medium.com/@shashank.kulkarni0708/get-juiced-how-i-hacked-owasp-juice-shop-and-let-guardduty-catch-me-537f7064a1d5",
|
|
22
|
+
"https://docs.aws.amazon.com/guardduty/latest/ug/configure-malware-protection-single-account.html",
|
|
23
|
+
"https://docs.aws.amazon.com/securityhub/latest/userguide/guardduty-controls.html#guardduty-8"
|
|
24
|
+
],
|
|
16
25
|
"Remediation": {
|
|
17
26
|
"Code": {
|
|
18
|
-
"CLI": "aws guardduty update-detector --detector-id <detector-id> --
|
|
19
|
-
"NativeIaC": "",
|
|
20
|
-
"Other": "
|
|
21
|
-
"Terraform": ""
|
|
27
|
+
"CLI": "aws guardduty update-detector --detector-id <detector-id> --features '[{\"Name\":\"EBS_MALWARE_PROTECTION\",\"Status\":\"ENABLED\"}]'",
|
|
28
|
+
"NativeIaC": "```yaml\n# CloudFormation: enable GuardDuty Malware Protection for EC2\nResources:\n GuardDutyDetector:\n Type: AWS::GuardDuty::Detector\n Properties:\n Enable: true\n Features:\n - Name: EBS_MALWARE_PROTECTION # Critical: selects EC2 Malware Protection feature\n Status: ENABLED # Critical: enables the feature\n```",
|
|
29
|
+
"Other": "1. In the AWS console, open GuardDuty\n2. In the left menu, select Protection plans > Malware Protection for EC2\n3. Click Enable, then Save",
|
|
30
|
+
"Terraform": "```hcl\n# Enable GuardDuty Malware Protection for EC2\nresource \"aws_guardduty_detector\" \"<example_resource_name>\" {\n enable = true\n\n features {\n name = \"EBS_MALWARE_PROTECTION\" # Critical: selects EC2 Malware Protection feature\n status = \"ENABLED\" # Critical: enables the feature\n }\n}\n```"
|
|
22
31
|
},
|
|
23
32
|
"Recommendation": {
|
|
24
|
-
"Text": "Enable Malware Protection for EC2 in
|
|
25
|
-
"Url": "https://
|
|
33
|
+
"Text": "Enable **Malware Protection for EC2** across all accounts and Regions under centralized administration. Apply **least privilege** to findings access, define scan scope with tags and minimize exclusions, and retain snapshots based on data sensitivity. Integrate alerts with IR/SIEM and pair with hardening and vulnerability scanning for **defense in depth**.",
|
|
34
|
+
"Url": "https://hub.prowler.com/check/guardduty_ec2_malware_protection_enabled"
|
|
26
35
|
}
|
|
27
36
|
},
|
|
28
37
|
"Categories": [],
|
|
29
|
-
"Notes": "",
|
|
30
38
|
"DependsOn": [],
|
|
31
|
-
"RelatedTo": []
|
|
39
|
+
"RelatedTo": [],
|
|
40
|
+
"Notes": ""
|
|
32
41
|
}
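Review bot: Two of the six `AdditionalURLs` (new lines 18 and 21) point at third-party articles, an InfoQ news item and a personal Medium post, which are not authoritative for this control and can change or disappear without notice. Since these links are shown to users next to a high-severity finding, keep the list to the vendor documentation entries. The `CLI` value also applies per detector and per Region, which the `Other` steps do not mention; a short `Notes` entry such as `Repeat for every Region with an active detector.` would cover it.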
|